Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 12 Mar 2012 18:36:17 +0100
From: Jan Lieskovsky <>
To: "Steven M. Christey" <>
Subject: CVE Request -- openldap (slapd): Assertion failure by processing
 search queries requesting only attributes for particular entry

Hello Kurt, Steve, vendors,

   a denial of service flaw was found in the way the slapd server of the OpenLDAP,
the Lightweight Directory Access Protocol applications and development suite,
processed certain search queries requesting only attributes (no values) for a
particular entry. A remote attacker could issue a specially-crafted LDAP search
query, which once processed by a vulnerable slapd server would lead to
assertion failure (slapd abort).

Upstream bug report:

Original upstream patch:

Further patches:



Could you allocate a CVE identifier for this?

Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.