Juniper Networks

Signature Detail


Short Name: LDAP:INVALID:ENC_INVALID_LEN
Severity: High
Recommended: No
Category: LDAP
Release Date: 2004/01/29
Update Number: 1213
Supported Platforms: di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

LDAP: Invalid Length


This protocol anomaly is an LDAP message containing a BER-encoded field whose actual length is not consistent with the length specified for that field. It can also occur when the length of an inner field exceeds the length of the outer field that encapsulates it.
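The length check described above, as an added Python example; it is not Juniper's signature logic. The function names are hypothetical and the sample messages are constructed. It walks nested BER fields and rejects any field whose declared length runs past the field that encloses it.

```python
class BerLengthError(ValueError):
    """A BER field whose length is inconsistent with the bytes available."""

def read_tlv(buf, pos, end):
    """Parse one tag/length header in buf[pos:end]; return (tag, value_start, value_end)."""
    if pos + 2 > end:
        raise BerLengthError(f"truncated header at offset {pos}")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        # Simplification of this example: multi-byte tags are not parsed.
        raise BerLengthError(f"high-tag-number form at offset {pos} not handled")
    pos += 2
    if first < 0x80:                       # short form: length is in this octet
        length = first
    elif first == 0x80:                    # indefinite form; RFC 2251 allows only definite lengths
        raise BerLengthError(f"indefinite length at offset {pos - 1}")
    else:                                  # long form: low 7 bits count the length octets
        n = first & 0x7F
        if pos + n > end:
            raise BerLengthError(f"length octets at offset {pos} overrun enclosing field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > end:                 # inner field larger than what encloses it
        raise BerLengthError(
            f"field declares {length} bytes at offset {pos}, only {end - pos} available")
    return tag, pos, pos + length

def check_message(buf, pos=0, end=None):
    """Walk all nested fields; return how many were seen, or raise BerLengthError."""
    end = len(buf) if end is None else end
    count = 0
    while pos < end:
        tag, vstart, vend = read_tlv(buf, pos, end)
        count += 1
        if tag & 0x20:                     # constructed: the value is itself a run of fields
            count += check_message(buf, vstart, vend)
        pos = vend
    return count

def is_anomalous(buf):
    try:
        check_message(buf)
        return False
    except BerLengthError:
        return True

# Constructed samples: SEQUENCE { INTEGER 1, [APPLICATION 2] with empty value }
VALID = bytes.fromhex("30050201014200")
INNER_TOO_LONG = bytes.fromhex("30050204014200")   # INTEGER claims 4 bytes, outer has 3 left
OUTER_TOO_LONG = bytes.fromhex("300a0201014200")   # SEQUENCE claims 10 bytes, 5 present
```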

Extended Description

The Lightweight Directory Access Protocol (LDAP) is designed to be a lightweight access protocol for directory services supporting X.500 models. It offers a means of searching, fetching and manipulating directory content. Several input validation errors have been found to exist in OpenLDAP. The problems were discovered using the PROTOS project's LDAPv3 test suite. The problems enable remote attackers to cause an affected OpenLDAP server to crash, resulting in a denial of service condition. Further technical details are not available at this time.

Affected Products

  • Debian Linux 2.2.0
  • Mandriva Corporate Server 1.0.1
  • Mandriva Linux Mandrake 7.1.0
  • Mandriva Linux Mandrake 7.2.0
  • Mandriva Linux Mandrake 8.0.0
  • OpenLDAP 1.0.0
  • OpenLDAP 1.0.1
  • OpenLDAP 1.0.2
  • OpenLDAP 1.0.3
  • OpenLDAP 1.1.0
  • OpenLDAP 1.1.1
  • OpenLDAP 1.1.2
  • OpenLDAP 1.1.3
  • OpenLDAP 1.1.4
  • OpenLDAP 1.2.0
  • OpenLDAP 1.2.1
  • OpenLDAP 1.2.10
  • OpenLDAP 1.2.11
  • OpenLDAP 1.2.2
  • OpenLDAP 1.2.3
  • OpenLDAP 1.2.4
  • OpenLDAP 1.2.5
  • OpenLDAP 1.2.6
  • OpenLDAP 1.2.7
  • OpenLDAP 1.2.8
  • OpenLDAP 1.2.9
  • OpenLDAP 2.0.0
  • OpenLDAP 2.0.1
  • OpenLDAP 2.0.2
  • OpenLDAP 2.0.3
  • OpenLDAP 2.0.4
  • OpenLDAP 2.0.5
  • OpenLDAP 2.0.6
  • OpenLDAP 2.0.7
  • Red Hat Linux 6.2.0
  • Red Hat Linux 7.0.0
  • Red Hat Linux 7.1.0

References

  • BugTraq: 3049
  • CVE: CVE-2001-0977
  • URL: http://www.ietf.org/rfc/rfc2251.txt

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.