OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.

OpenLDAP libldap's strval2strlen() function contained a bug when processing the authcid string of certain Bind Requests, which could allow attackers to cause an affected application (especially the OpenLDAP Server) to crash. (CVE-2006-5779)

Evgeny Legerov discovered that the OpenLDAP libraries did not correctly truncate authcid names. This situation would trigger an assert and abort the program using the libraries. A remote attacker could send specially crafted bind requests that would lead to an LDAP server denial of service.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

OpenLDAP libldap's strval2strlen() function contained a bug when processing the authcid string of certain Bind Requests, which could allow attackers to cause an affected application (especially the OpenLDAP Server) to crash (CVE-2006-5779).

An unspecified vulnerability in OpenLDAP allows remote attackers to cause a denial of service (daemon crash) via a certain combination of SASL Bind requests that triggers an assertion failure in libldap.

Packages have been patched to correct this issue.

The remote host is affected by the vulnerability described in GLSA-200611-25 (OpenLDAP: Denial of Service vulnerability)

    Evgeny Legerov has discovered that the truncation of an incoming     authcid longer than 255 characters and ending with a space as the 255th     character will lead to an improperly computed name length. This will     trigger an assert in the libldap code.
  Impact :

    By sending a BIND request with a specially crafted authcid parameter to     an OpenLDAP service, a remote attacker can cause the service to crash.
  Workaround :

    There is no known workaround at this time.

The remote host appears to be running OpenLDAP, an open source LDAP directory implementation. 

The version of OpenLDAP installed on the remote host fails to handle malformed SASL bind requests.  An unauthenticated attacker can leverage this issue to crash the LDAP server on the affected host.

ID	Name	Product	Family	Severity
41106	SuSE9 Security Update : openldap2-client (YOU Patch Number 11307)	Nessus	SuSE Local Security Checks	medium
29537	SuSE 10 Security Update : openldap2-client (ZYPP Patch Number 2291)	Nessus	SuSE Local Security Checks	medium
27967	Ubuntu 5.10 / 6.06 LTS / 6.10 : openldap2.2 vulnerability (USN-384-1)	Nessus	Ubuntu Local Security Checks	medium
27364	openSUSE 10 Security Update : openldap2-client (openldap2-client-2282)	Nessus	SuSE Local Security Checks	medium
24593	Mandrake Linux Security Advisory : openldap (MDKSA-2006:208)	Nessus	Mandriva Local Security Checks	medium
23747	GLSA-200611-25 : OpenLDAP: Denial of Service vulnerability	Nessus	Gentoo Local Security Checks	medium
23625	OpenLDAP SASL authcid Name BIND Request DoS	Nessus	Denial of Service	medium

Detections

Analytics

CVE-2006-5779

high

Tenable Plugins

medium

medium

medium

medium

medium

medium

medium