Comment 0 for bug 1446809

Revision history for this message
Felipe Reyes (freyes) wrote : denial of service via an LDAP search query with attrsOnly set to true (CVE-2012-1164)

[Impact]

* slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned.

* Trusty ships 2.4.31 which comes with a fix for this.

[Test Case]

TBD

[Regression Potential]

TBD

[Other Info]

* Upstream bug report http://www.openldap.org/its/index.cgi/Software%2520Bugs?id=7143
* http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-1164.html