#3539 DoS when connecting with a missing username/dn
Closed: Fixed None Opened 10 years ago by rcritten.

Sumit Bose discovered that FreeIPA's directory server (dirsrv) would segfault if an unauthenicated user attempted to connect to it with a missing username/dn. According to RFC 3062, connecting without specifying the username/dn is valid.

Acknowledgements:

This issue was discovered by Sumit Bose of Red Hat.

CVE-2013-0336


Metadata Update from @rcritten:
- Issue assigned to sbose
- Issue set to the milestone: FreeIPA 3.2 - 2013/04-05 (GA)

7 years ago

Login to comment on this ticket.

Metadata