bind-dyndb-ldap DN Escaping Flaw Lets Remote Users Deny Service
A vulnerability has been reported in bind-dyndb-ldap, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error in the "dns_to_ldap_dn_escape()" function (src/ldap_convert.c) when escaping DN values for the LDAP query. This can be exploited to hang the named process and render the service unusable.
A remote user can cause the target named service to crash.
Updates are available, please visit: source code fix