Sponsored link
Serve your customers, not your servers, with VERIO Linux VPS. Full-access test-drive here.
| Weekly edition | Kernel | Security | Distributions | Search |
| Archives | Calendar | Subscribe | Write for LWN | LWN.net FAQ |
OpenLDAP2: remote command execution
| Package(s): | OpenLDAP2 | CVE #(s): | CAN-2002-1378 CAN-2002-1379 | |||||||||||||||||||||
| Created: | December 6, 2002 | Updated: | February 21, 2003 | |||||||||||||||||||||
| Description: | OpenLDAP is the Open Source implementation of the Lightweight Directory
Access Protocol (LDAP) and is used in network environments for distributing
certain information such as X.509 certificates or login information.
The SuSE Security Team reviewed critical parts of that package and found several buffer overflows and other bugs remote attackers could exploit to gain access on systems running vulnerable LDAP servers. In addition to these bugs, various local exploitable bugs within the OpenLDAP2 libraries (openldap2-devel package) have been fixed. Since there is no workaround possible except shutting down the LDAP server, an update is strongly recommended. | |||||||||||||||||||||||
| Alerts: |
| |||||||||||||||||||||||
(Log in to post comments)
OpenLDAP2: remote command execution
Posted Dec 19, 2002 14:29 UTC (Thu) by ber (subscriber, #2142) [Link]
Strange, it is not clear from the advisary that only Suse's openladp2packages are affected.