Check Point Advisories

Preemptive Protection against OpenLDAP Remote Buffer Overflow Vulnerability

Check Point Reference: CPAI-2006-152
Date Published: 20 Dec 2006
Severity: High
Last Updated: Wednesday 02 May, 2007
Source: Secunia Advisory: SA23334
Industry Reference: CVE-2006-6493
Protection Provided by:
Who is Vulnerable? OpenLDAP version 2.3.30 and prior
Vulnerability Description: A denial of service vulnerability exists in OpenLDAP. OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol (LDAP). The vulnerability could be exploited by remote attackers to crash the service or execute arbitrary code via a specially crafted LDAP request to an affected LDAP server.
Vulnerability Details: The vulnerability is due to a boundary error in the 'krbv4_ldap_auth()' function in the OpenLDAP server's 'slapd/kerberos.c', which fails to properly process overly long requests. Remote attackers can exploit this issue by sending specially crafted BIND requests to a vulnerable OpenLDAP server, causing it to crash. Successful exploitation may allow execution of arbitrary code on the vulnerable system.
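
A defender-side check for the condition described above, as an added example that is not part of this advisory, of Check Point's protection, or of OpenLDAP: it walks the BER encoding of an LDAP BindRequest and reports the declared length of the bind credential. The 1024-byte limit, the function names and the sample messages are assumptions constructed for illustration.

```python
MAX_CRED = 1024  # assumed policy limit for bind credentials, not from the advisory

class BerError(ValueError):
    """Raised when the buffer is not the BER this parser expects."""

def read_tlv(buf, pos):
    """Return (tag, declared_length, value_offset) for the TLV starting at pos."""
    if pos + 2 > len(buf):
        raise BerError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short form: length fits in one byte
        return tag, first, pos
    n = first & 0x7F                       # long form: n length bytes follow
    if n == 0 or n > 4 or pos + n > len(buf):
        raise BerError("unsupported or truncated length")
    return tag, int.from_bytes(buf[pos:pos + n], "big"), pos + n

def inspect_bind(pdu, max_cred=MAX_CRED):
    """Return None for non-bind messages, else facts about the bind credential."""
    tag, _, pos = read_tlv(pdu, 0)
    if tag != 0x30:
        raise BerError("not an LDAPMessage SEQUENCE")
    tag, length, pos = read_tlv(pdu, pos)
    if tag != 0x02:
        raise BerError("messageID is not an INTEGER")
    tag, _, pos = read_tlv(pdu, pos + length)
    if tag != 0x60:                        # [APPLICATION 0] = BindRequest
        return None
    for expected in (0x02, 0x04):          # version INTEGER, name OCTET STRING
        tag, length, pos = read_tlv(pdu, pos)
        if tag != expected:
            raise BerError("malformed BindRequest")
        pos += length
    tag, length, pos = read_tlv(pdu, pos)  # authentication CHOICE
    # Judge the declared length: the request may span several TCP segments.
    return {"auth_tag": tag, "cred_len": length, "oversize": length > max_cred,
            "truncated": pos + length > len(pdu)}

def tlv(tag, value):
    """Encode one TLV (helper for the constructed samples)."""
    n = len(value)
    head = bytes([n]) if n < 0x80 else bytes([0x82]) + n.to_bytes(2, "big")
    return bytes([tag]) + head + value

def sample_bind(cred):
    """Constructed simple bind carrying `cred` (filler data only)."""
    body = tlv(0x02, b"\x03") + tlv(0x04, b"cn=test") + tlv(0x80, cred)
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, body))
```

Because the check reads the declared length from the header, it flags an oversized credential even when only the first segment of the request has been captured.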

Protection Overview
