The dns_to_ldap_dn_escape function in src/ldap_convert.c in bind-dyndb-ldap 1.1.0rc1 and previous versions does not properly escape distinguished names (DN) for LDAP queries, which allows remote DNS servers to cause a denial of service (named service hang) via a "$" character in a DN in a DNS query.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
martin nagy bind-dyndb-ldap 1.0.0 |
||
martin nagy bind-dyndb-ldap 1.1.0 |
||
martin nagy bind-dyndb-ldap 0.1.0 |
||
martin nagy bind-dyndb-ldap |
||
martin nagy bind-dyndb-ldap 0.2.0 |