
Re: ITS#8046 - remote unauth DoS on 2.4.40



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 02/06/15 13:47, Paul B. Henson wrote:
> I haven't seen any announcement of this other than on security
> lists, but there's an unauthenticated remote DoS bug in 2.4.40:
> 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776991
> 
> The actual ITS is a bit confusing, the reporter at one point says
> he had the issue with a beta version of 2.4.40 and it didn't work
> against release, but Debian confirmed it kills their official
> 2.4.40 package and it caused a segfault against my Gentoo 2.4.40
> release, so if you're running 2.4.40 (older versions not
> vulnerable), it's probably worth applying the patch from head:
> 
> http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=patch;h=2f1a2dd329b91afe561cd06b872d09630d4edb6a
> 
> I rebuilt my 2.4.40 with this and it no longer dies when the PoC
> query is issued.
> 

Is there a CVE number for this one?

Thanks in advance!

Cheers,
- -- 
Xin LI <delphij@delphij.net>    https://www.delphij.net/
FreeBSD - The Power to Serve!           Live free or die
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.1 (FreeBSD)
-----END PGP SIGNATURE-----