OpenLDAP "UTF8StringNormalize()" Off-by-One Denial of Service Vulnerability
Bug #884163 reported by
Tibor Pittich
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openldap (Ubuntu) |
Fix Released
|
Medium
|
Jamie Strandboge | ||
Hardy |
Invalid
|
Medium
|
Unassigned | ||
Lucid |
Fix Released
|
Medium
|
Jamie Strandboge | ||
Maverick |
Fix Released
|
Medium
|
Jamie Strandboge | ||
Natty |
Fix Released
|
Medium
|
Jamie Strandboge | ||
Oneiric |
Fix Released
|
Medium
|
Jamie Strandboge | ||
Precise |
Fix Released
|
Medium
|
Jamie Strandboge |
Bug Description
The vulnerability is caused due to an off-by-one error in the "UTF8StringNorm
The fix is in GIT repository since 6.Oct.2011 - http://
visibility: | private → public |
visibility: | private → public |
Changed in openldap (Ubuntu): | |
status: | New → Confirmed |
importance: | Undecided → Medium |
Changed in openldap (Ubuntu): | |
assignee: | nobody → Jamie Strandboge (jdstrand) |
Changed in openldap (Ubuntu): | |
status: | Confirmed → In Progress |
Changed in openldap (Ubuntu Lucid): | |
status: | New → In Progress |
importance: | Undecided → Medium |
assignee: | nobody → Jamie Strandboge (jdstrand) |
Changed in openldap (Ubuntu Maverick): | |
status: | New → In Progress |
importance: | Undecided → Medium |
assignee: | nobody → Jamie Strandboge (jdstrand) |
Changed in openldap (Ubuntu Natty): | |
status: | New → In Progress |
importance: | Undecided → Medium |
assignee: | nobody → Jamie Strandboge (jdstrand) |
Changed in openldap (Ubuntu Oneiric): | |
status: | New → In Progress |
importance: | Undecided → Medium |
assignee: | nobody → Jamie Strandboge (jdstrand) |
Changed in openldap (Ubuntu Hardy): | |
status: | New → In Progress |
importance: | Undecided → Medium |
assignee: | nobody → Jamie Strandboge (jdstrand) |
Changed in openldap (Ubuntu Lucid): | |
status: | In Progress → Fix Committed |
Changed in openldap (Ubuntu Maverick): | |
status: | In Progress → Fix Committed |
Changed in openldap (Ubuntu Natty): | |
status: | In Progress → Fix Committed |
Changed in openldap (Ubuntu Precise): | |
status: | In Progress → Fix Committed |
Changed in openldap (Ubuntu Oneiric): | |
status: | In Progress → Fix Committed |
To post a comment you must log in.
Hardy's openldap2.3 does not have postalAddressVa lidate( ), which is the only known function to pass UTF8StringNorma lize() a 0 length string.