Apple has reported a vulnerability in their version of OpenLDAP that is included in Apple Mac OS X and Mac OS X Server versions 10.4 to 10.4.6. If successfully exploited, this vulnerability would allow an attacker to create a denial-of-service condition.
OpenLDAP is a popular open-source implementation of the Lightweight Directory Access Protocol (LDAP). The software allows LDAP-aware programs on a network to get information from a server. Apple uses OpenLDAP as a part of their Open Directory product.
Apple reports that there is an assertion error in their implementation of OpenLDAP. An attacker may be able to exploit this vulnerability by sending a specially crafted, invalid LDAP request to the server, which triggers the assertion. The result of a successful attack would be a denial-of-service condition.
A remote unauthenticated attacker may be able to create a denial-of-service condition.
Thanks to Apple Product Security for reporting this vulnerability. Apple, in turn, credits the Mu Security research team with reporting this issue to them.
Date First Published: 2006-06-28
Date Last Updated: 2006-06-29 18:42 UTC