FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

openldap -- two remote denial of service vulnerabilities

Affected packages
openldap-server < 2.4.40_3

Details

VuXML ID a0c45e53-ae51-11e4-8ac7-d050992ecde8
Discovery 2015-02-02
Entry 2015-02-06

Ryan Tandy reports:

With the deref overlay enabled, ldapsearch with '-E deref=member:' causes slapd to crash.

Bill MacAllister discovered that certain queries cause slapd to crash while freeing operation controls. This is a 2.4.40 regression. Earlier releases are not affected.

References

URL https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776988
URL https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776991