Summary
The remote host is missing an update to openldap
announced via advisory DSA 068-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20068-1
Insight
CERT released their advisory CA-2001-18, which lists a number of vulnerabilities in various LDAP implementations, based on the results of the PROTOS LDAPv3 test suite. These tests found one problem in OpenLDAP, a free LDAP implementation that is shipped as part of Debian GNU/Linux 2.2.
The problem is that slapd did not handle packets with invalid BER length-of-length fields and would crash if it received them.
An attacker can use this to mount a denial of service attack remotely.
This problem has been fixed in version 1.2.11-1, and we recommend that you upgrade your slapd package immediately.
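As an added illustration (not OpenLDAP's code and not the Debian fix), here is a BER length decoder in C that validates the length-of-length octet and the declared length against the bytes actually received, the kind of check whose absence the advisory describes. The function and constant names are hypothetical, and the 4-octet cap on the length field is an assumed policy.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes (hypothetical names, not from any LDAP library). */
enum { BER_OK = 0, BER_TRUNCATED = -1, BER_INDEFINITE = -2,
       BER_LEN_TOO_WIDE = -3, BER_LEN_EXCEEDS_INPUT = -4 };

/* Decode the length octets at buf[0..avail), i.e. the bytes right after the
 * tag. On BER_OK, *len is the content length and *used the number of length
 * octets consumed. */
int ber_read_length(const uint8_t *buf, size_t avail, size_t *len, size_t *used)
{
    size_t n, v = 0, i;

    if (avail < 1)
        return BER_TRUNCATED;
    if ((buf[0] & 0x80) == 0) {       /* short form: length 0..127 */
        v = buf[0];
        n = 0;
    } else {
        n = buf[0] & 0x7f;            /* long form: the "length of length" */
        if (n == 0)
            return BER_INDEFINITE;    /* LDAP uses definite lengths only */
        if (n > sizeof(uint32_t))
            return BER_LEN_TOO_WIDE;  /* refuse before accumulating octets */
        if (n > avail - 1)
            return BER_TRUNCATED;     /* length octets run past the input */
        for (i = 0; i < n; i++)
            v = (v << 8) | buf[1 + i];
    }
    /* The declared content must fit in the bytes actually received. */
    if (v > avail - 1 - n)
        return BER_LEN_EXCEEDS_INPUT;
    *len = v;
    *used = 1 + n;
    return BER_OK;
}

int main(void)
{
    /* Constructed input: claims 4 length octets and a ~2 GiB body. */
    const uint8_t bad[] = { 0x84, 0x7f, 0xff, 0xff, 0xff };
    size_t len = 0, used = 0;
    int rc = ber_read_length(bad, sizeof bad, &len, &used);
    printf("rc=%d\n", rc);
    return rc == BER_LEN_EXCEEDS_INPUT ? 0 : 1;
}
```

Every rejection happens before any buffer is sized or indexed from the attacker-supplied length, so a malformed packet produces an error code rather than a crash.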
Severity
Classification
CVE: CVE-2001-0977
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P