CVE Request for OpenLDAP:
- Two issues being discussed that might require a CVE-ID.
- Reference to bug reports:
  - https://bugzilla.novell.com/show_bug.cgi?id=674985#c1
  - http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6768

Potential Denial of Service (DoS):
- Unauthenticated users can crash the server by submitting a MODRDN request with an empty "olddn" value and "remove old RDN" set.
- Example command being:

Testing against openldap 2.3.43:
- No crash was observed on this version, but the crash can be reproduced on version 2.4.19.
- Uncertainty about the impact on older OpenLDAP versions.

Possible Patch:
- A patch is suggested, available at:
  - http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/modrdn.c.diff?r1=1.170.2.8&r2=1.170.2.9&hideattic=1&sortbyname=0

Other Unassigned CVE Issues:
- Mention of two other issues that do not yet have CVE identifiers, covered by a security advisory.
- Includes links to further reading on other vulnerabilities.