Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The handle_connection_error function in ldap_helper.c in bind-dyndb-ldap before 1.1.0rc1 does not properly handle LDAP query errors, which allows remote attackers to cause a denial of service (infinite loop and named server hang) via a non-alphabet character in the base DN in an LDAP search DNS query.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
bind-dyndb-ldap 远程拒绝服务漏洞
Vulnerability Description
bind-dyndb-ldap是一套BIND9(实现了DNS协议的开源软件)的LDAP驱动程序,它允许从LDAP后端读取DNS数据,也能够将数据写回(DNS更新)。 bind-dyndb-ldap 1.1.0rc1之前版本中的ldap_helper.c文件中的‘handle_connection_error’函数存在安全漏洞,该漏洞源于当执行DNS查询LDAP搜索时,程序没有正确处理LDAP的连接错误。远程攻击者可借助基于DN的非字母字符利用该漏洞造成拒绝服务(无限循环和named服务器挂起)。
CVSS Information
N/A
Vulnerability Type
N/A