Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The dns_to_ldap_dn_escape function in src/ldap_convert.c in bind-dyndb-ldap 1.1.0rc1 and earlier does not properly escape distinguished names (DN) for LDAP queries, which allows remote DNS servers to cause a denial of service (named service hang) via a "$" character in a DN in a DNS query.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Bind-dyndb-ldap 远程拒绝服务漏洞
Vulnerability Description
bind-dyndb-ldap是一套BIND9(实现了DNS协议的开源软件)的LDAP驱动程序,它允许从LDAP后端读取DNS数据,也能够将数据写回(DNS更新)。 bind-dyndb-ldap 1.1.0rc1和早期版本中存在漏洞,可被恶意攻击者利用导致DoS(拒绝服务)。该漏洞源于在转义LDAP查询的DN值时,‘dns_to_ldap_dn_escape()’函数(src/ldap_convert.c)中存在错误。攻击者可利用该漏洞使名字进程挂起,并使服务不可用。
CVSS Information
N/A
Vulnerability Type
N/A