Family: Denial of Service --> Category: denial
OpenLDAP SASL Bind Denial of Service Vulnerability Scan
Vulnerability Scan Summary: Checks for a denial of service vulnerability in OpenLDAP
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote LDAP server is prone to a denial of service attack.
Description :
The remote host appears to be running OpenLDAP, an open-source LDAP
directory implementation.
The version of OpenLDAP installed on the remote host fails to handle
malformed SASL bind requests. An unauthenticated attacker can
leverage this issue to crash the LDAP server on the affected host.
See also :
http://www.securityfocus.com/archive/1/450728/30/0/threaded
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4740
Solution :
Upgrade to OpenLDAP 2.3.29 when it becomes available.
Threat Level:
Low / CVSS Base Score : 2.3
(AV:R/AC:L/Au:NR/C:N/I:N/A:P/B:N)