
Crashing the server via GSS/SASL (ITS#2627)



Full_Name: Mark A. Fox
Version: 2.0.23
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (136.159.7.184)


Authentication using GSS/SASL in which the distinguished name has some extra
information attached (i.e. /C=CA/O=Blah/CN=John D. Doe, Email=johndoe@doe.org)
causes slapd to crash.

I'm not sure whether it's the ',', the '=', or even the '@', but a certificate with
the above DN definitely causes slapd to crash.

This is potentially a large vulnerability as it would be easy to use it for a
DoS attack.