LDAP: Invalid Length

This protocol anomaly is an LDAP message containing a BER-encoded field whose actual length is inconsistent with the length specified for that field. It can also occur when the length of an inner field exceeds the length of the outer field that encapsulates it.
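The check described above can be sketched as a recursive walk over the BER tag-length-value structure. This is an added example, not the signature's own logic; the function names, the nesting limit and the three hex-encoded PDUs are constructed for illustration.

```python
MAX_DEPTH = 16  # assumed nesting limit so hostile input cannot exhaust the stack

def read_tlv(buf, pos, end):
    """Parse one BER header inside buf[pos:end]; return (tag, value_start, value_end)."""
    hdr = pos
    if end - pos < 2:
        raise ValueError(f"offset {hdr}: truncated tag/length header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if tag & 0x1F == 0x1F:
        raise ValueError(f"offset {hdr}: high-tag-number form, not handled here")
    if first < 0x80:                       # short form: length in one octet
        length = first
    elif first == 0x80:                    # indefinite form, not allowed in LDAP
        raise ValueError(f"offset {hdr}: indefinite length")
    else:                                  # long form: next n octets hold the length
        n = first & 0x7F
        if n > 4 or pos + n > end:
            raise ValueError(f"offset {hdr}: bad long-form length ({n} octets)")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if length > end - pos:
        raise ValueError(f"offset {hdr}: length {length} exceeds the "
                         f"{end - pos} bytes left in the enclosing field")
    return tag, pos, pos + length

def find_length_anomalies(buf, pos=0, end=None, depth=0):
    """Walk every TLV and return a list of length inconsistencies (empty if none)."""
    end = len(buf) if end is None else end
    if depth > MAX_DEPTH:
        return [f"offset {pos}: nesting deeper than {MAX_DEPTH}"]
    problems = []
    while pos < end:
        try:
            tag, start, stop = read_tlv(buf, pos, end)
        except ValueError as exc:
            problems.append(str(exc))
            break                          # framing is lost, stop at this level
        if tag & 0x20:                     # constructed: children must fit inside
            problems += find_length_anomalies(buf, start, stop, depth + 1)
        pos = stop
    return problems

# Constructed samples: an LDAPv3 anonymous BindRequest and two damaged copies.
VALID = bytes.fromhex("300c020101600702010304008000")
INNER_OVERRUN = bytes.fromhex("300c020101600702010304058000")  # OCTET STRING claims 5, 2 remain
OUTER_OVERRUN = bytes.fromhex("3020020101600702010304008000")  # SEQUENCE claims 32, 12 remain

if __name__ == "__main__":
    for name, pdu in [("valid", VALID), ("inner", INNER_OVERRUN), ("outer", OUTER_OVERRUN)]:
        print(name, find_length_anomalies(pdu) or "ok")
```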

Extended Description

The Lightweight Directory Access Protocol (LDAP) is designed to be a lightweight access protocol for directory services supporting X.500 models. It offers a means of searching, fetching and manipulating directory content. Several input validation errors have been found in OpenLDAP. The problems were discovered using the PROTOS project's LDAPv3 test suite. They enable remote attackers to crash an affected OpenLDAP server, resulting in a denial of service condition. Further technical details are not available at this time.

Affected Products

Openldap openldap

Short Name: LDAP:INVALID:ENC_INVALID_LEN
Severity: Major
Recommended: False
Recommended Action: None
Category: LDAP
Keywords: CVE-2001-0977 bid:3049
Release Date: 01/30/2004
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3336
False Positive: Unknown
Vendors

Mandriva

Red_hat

Openldap

Debian

CVSS Score

5.0