Check Point Advisories

Preemptive Protection agains Apple Open Directory Denial of Service Vulnerability

Check Point Reference: CPAI-2006-091
Date Published: 19 Jul 2006
Severity: Medium
Last Updated: Tuesday 15 May, 2007
Source: MU Security
Industry Reference:CVE-2006-1470
US-CERT VU#652196
Protection Provided by:
Who is Vulnerable? OSX 10.4.4 through 10.4.6
Vulnerability Description The OpenLDAP software allows LDAP-aware programs on a network to get information from a server. Apple uses OpenLDAP as a part of their Open Directory product. An error in the implementation of OpenLDAP may allow a remote attacker with the ability to send a malformed LDAP request to cause Open Directory server to crash.
Update/Patch AvaliableUpgrade to OSX 10.4.7 at:
http://docs.info.apple.com/article.html?artnum=61798
Vulnerability DetailsAn assertion error exists in the implementation of Open-LDAP. An attacker may send a malformed LDAP message which triggers the assertion and cause a denial-of-service condition.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK