Update Protection against OpenLDAP BER Decoding Denial of Service
| Check Point Reference: | CPAI-2008-404 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Secunia Advisory: SA30853 | |
| Industry Reference(s): | CVE-2008-2952 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? OpenLDAP Foundation OpenLDAP 2.4.10 and prior OpenLDAP Foundation OpenLDAP 2.3.42 and prior OpenLDAP Foundation OpenLDAP 2.2.x OpenLDAP Foundation OpenLDAP 2.1.x | ||
| Vulnerability Description OpenLDAP is an open-source implementation of the Lightweight Directory Access Protocol (LDAP) service. On a default installation, the OpenLDAP server uses TCP port 389 for communication. |
||
|
Vulnerability Details There exists a denial of service vulnerability in OpenLDAP slapd. The flaw is due to a design error when decoding ASN.1 BER network messages. A remote unauthenticated attacker can trigger this vulnerability by sending a crafted ASN.1 BER-encoded message to the target server. Successful attack could allow for raising a denial of service condition to the affected service. Upon processing malicious LDAP messages, the slapd process will terminate, which triggers a Denial of Service condition of the target LDAP service. The service needs to be restarted manually to resume the normal operation. |
Protection Overview
This protection will detect and block attempts to exploit this vulnerability.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.