Description: | | There exists a vulnerability in the OpenLDAP Lightweight Directory Access Protocol (LDAP) service. The flaw is due to improper handling of specially crafted BIND requests sent to the server which contain overly long CRAM-MD5 credential strings. This can be exploited by an unauthenticated remote attacker to cause an assertion failure, and thus, causing a Denial of Service condition in the affected service. The target server process will terminate as a result of an attack. Consequently, all established connections will be severed and further connections will not be possible until the server is manually restarted. |