Solution
Please Install the Updated Packages.
Insight
OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and documentation for OpenLDAP.
A denial of service flaw was found in the way the OpenLDAP server daemon (slapd) performed reference counting when using the rwm (rewrite/remap) overlay. A remote attacker able to query the OpenLDAP server could use this flaw to crash the server by immediately unbinding from the server after sending a search request. (CVE-2013-4449)
Red Hat would like to thank Michael Vishchers from Seven Principles AG for reporting this issue.
All openldap users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
Affected
compat-openldap on CentOS 5
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2013-4449 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P
Related Vulnerabilities