MDVSA-2014:026 -- Mandriva openldapID: oval:org.secpod.oval:def:1300279 | Date: (C)2014-03-05 (M)2023-12-07 |
Class: PATCH | Family: unix |
A vulnerability has been discovered and corrected in openldap: The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search . The updated packages have been patched to correct this issue.
Platform: |
Mandriva Enterprise Server 5.2 |