PROBLEM:
bind-dyndb-ldap DN Escaping Flaw Lets Remote Users Deny Service
PLATFORM:
bind-dyndb-ldap
ABSTRACT:
A vulnerability has been reported in bind-dyndb-ldap, which can be exploited by malicious people to cause a DoS (Denial of Service).
REFERENCE LINKS:
Secunia Advisory SA50086
Vulnerability Report: bind-dyndb-ldap
SecurityTracker Alert ID: 1027341
RHSA-2012:1139-1
CVE-2012-3429
IMPACT ASSESSMENT:
Medium
Discussion:
The vulnerability is caused by an error in the "dns_to_ldap_dn_escape()" function (src/ldap_convert.c) when escaping DN values for the LDAP query. This can be exploited to hang the named process and render the service unusable.
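The following C function is an added example, not code from bind-dyndb-ldap or from the referenced advisories. It shows a defensive way to escape a DNS name for use as an LDAP DN value: every byte outside a small allow-list is hex-escaped in RFC 4514 form, and bad input or a short buffer produces an error return instead of an abort. The name `dn_escape`, the allow-list and the sample names are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not the project's function): escape a DNS name for
 * use as an LDAP DN attribute value. Bytes outside the allow-list
 * [A-Za-z0-9._-] are written as RFC 4514 hex pairs ("\XX").
 * Returns 0 on success, -1 if the output buffer is too small. */
int dn_escape(const char *in, size_t in_len, char *out, size_t out_size)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t o = 0;

    if (in == NULL || out == NULL || out_size == 0)
        return -1;
    for (size_t i = 0; i < in_len; i++) {
        unsigned char c = (unsigned char)in[i];
        int safe = (c < 0x80 && isalnum(c)) || c == '.' || c == '-' || c == '_';
        size_t need = safe ? 1 : 3;

        if (out_size - o <= need) {  /* always keep room for the NUL */
            out[0] = '\0';           /* never hand back a partial DN */
            return -1;
        }
        if (safe) {
            out[o++] = (char)c;
        } else {
            out[o++] = '\\';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0F];
        }
    }
    out[o] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample names, not taken from the advisory. */
    const char *samples[] = { "www.example.com", "a$b,c", "x y+z" };
    char buf[64];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = dn_escape(samples[i], strlen(samples[i]), buf, sizeof buf);
        printf("%-16s -> rc=%d \"%s\"\n", samples[i], rc, buf);
    }
    return 0;
}
```

Because the caller gets an error code for any input it cannot encode, a malformed or oversized query name can be rejected at the query level without affecting the rest of the server process.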
Impact:
A remote user can cause the target named service to crash.
Solution:
Updates are available; see the source code fix.