← Back to team overview

enterprise-support team mailing list archive

  1. enterprise-support team
  2. Mailing list archive
  3. Message #04208

[Bug 1446809] [NEW] denial of service via an LDAP search query with attrsOnly set to true (CVE-2012-1164)

  Thread PreviousDate PreviousThread Next 
Public bug reported:

[Impact]

* slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a
denial of service (assertion failure and daemon exit) via an LDAP search
query with attrsOnly set to true, which causes empty attributes to be
returned.

* Trusty ships 2.4.31 which comes with a fix for this.

[Test Case]

TBD

[Regression Potential]

TBD

[Other Info]
 
* Upstream bug report http://www.openldap.org/its/index.cgi/Software%2520Bugs?id=7143
* http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-1164.html

** Affects: openldap (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: cts

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to openldap in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1446809

Title:
  denial of service via an LDAP search query with attrsOnly set to true
  (CVE-2012-1164)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1446809/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next