Vulnerability Note VU#652196
Apple Mac OS X Open Directory server vulnerable to DoS via an invalid LDAP request
Apple has reported a vulnerability in their version of OpenLDAP that is included in Apple Mac OS X and Mac OS X Server versions 10.4 to 10.4.6. If successfully exploited, this vulnerability would allow an attacker to create a denial-of-service condition.
OpenLDAP is a popular open-source implementation of the Lightweight Directory Access Protocol (LDAP). The software allows LDAP-aware programs on a network to get information from a server. Apple uses OpenLDAP as a part of their Open Directory product.
Apple reports that there is an assertion error in their implementation of OpenLDAP. An attacker may be able to exploit this vulnerability by sending a specially crafted invalid LDAP request to the server which triggers the assertion. The result of a successful attack would be a denial-of-service condition.
A remote unauthenticated attacker may be able to create a denial-of-service condition.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Apple Computer, Inc.||Affected||-||28 Jun 2006|
CVSS Metrics (Learn More)
Thanks to Apple Product Security for reporting this vulnerability. Apple, in turn, credits the Mu Security research team with reporting this issue to them.
This document was written by Ryan Giobbi.
- CVE IDs: CVE-2006-1470
- Date Public: 27 Jun 2006
- Date First Published: 28 Jun 2006
- Date Last Updated: 29 Jun 2006
- Severity Metric: 0.22
- Document Revision: 22
If you have feedback, comments, or additional information about this vulnerability, please send us email.