virus logo Intrusion Prevention

LDAP.BIND.Request.Overly.Long

description-logoDescription

This indicates an attack attempt against a denial-of-service vulnerability in OpenLDAP.
The vulnerability is in the "strval2strlen()()" [libldap/getdn.c] function, and is caused by the function's inadequate handling of exceptional conditions. A remote attacker may exploit this to crash the vulnerable application, resulting in a denial-of-service condition.

affected-products-logoAffected Products

Ubuntu Ubuntu Linux 5.10 sparc
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 6.10 sparc
Ubuntu Ubuntu Linux 6.10 powerpc
Ubuntu Ubuntu Linux 6.10 i386
Ubuntu Ubuntu Linux 6.10 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Operating System Enterprise Server 2.0
S.u.S.E. UnitedLinux 1.0
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. SUSE Linux Enterprise Server 10
S.u.S.E. SUSE Linux Enterprise Desktop 10
S.u.S.E. Novell Linux POS 9
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 10.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 10.1
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Enterprise Server 8
S.u.S.E. Linux Desktop 1.0
rPath rPath Linux 1
RedHat Fedora Core4
OpenLDAP OpenLDAP 2.2.29
OpenLDAP OpenLDAP 2.3.28-E1.0.0
OpenLDAP OpenLDAP 2.3.28-20061022
OpenLDAP OpenLDAP 2.3.28-2.20061022
OpenLDAP OpenLDAP 2.3.27-2.20061018
MandrakeSoft Linux Mandrake 2006.0 x86_64
MandrakeSoft Linux Mandrake 2006.0
MandrakeSoft Linux Mandrake 2007.0 x86_64
MandrakeSoft Linux Mandrake 2007.0
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 4.0
Gentoo Linux

Impact logoImpact

Denial of service

recomended-action-logoRecommended Actions

A fix is available via CVS :
http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/getdn.c

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Status Detail
2024-09-02 28.856
Modified
 Name:LDAP.
BIND.
Request.
Too.
Long:LDAP.
BIND.
Request.
Overly.
Long
ID 13660
Created Dec 04, 2006
Updated Aug 29, 2024
CVE ID
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Exploit Prediction Score 43.37%
Default Action drop
Active
Affected OS Linux
Affected App Other
Profile Type Anomaly