Re: Security alerts on OpenLDAP (CVE-2015-1545 / CVE-2015-1546)

24 Feb 2015


      Howard Chu wrote:
...
Given that the deref overlay isn't even documented and is probably used by
only a handful of OpenLDAP developers I don't believe it even merited a CVE
record.
Hmm, not sure. Arthur de Jong implemented support for this control in
nss-pam-ldapd a year ago [1] and IIRC also discussed it on the
openldap-technical mailing list.
Ciao, Michael.
[1] http://arthurdejong.org/git/nss-pam-ldapd/tree/ChangeLog
[..]
2014-01-05  Arthur de Jong arthur@arthurdejong.org
* [c6c317e] : Implement deref control handling
This uses the LDAP_CONTROL_X_DEREF control as described in
          draft-masarati-ldap-deref-00 to request the LDAP server to
          dereference group member attribute values to uid attribute values.
[..]

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

Re: Security alerts on OpenLDAP (CVE-2015-1545 / CVE-2015-1546)