ldap format string issues when merging search descriptors
A CVE, 2011-3508 "Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect confidentiality, integrity, and availability, related to LDAP library."
Described as a format string issue here: https://twitter.com/#!/moritzj/status/126617242057179136
Is also described, in the same place, as remotely exploitable, pre-auth.
Updated by Rich Lowe over 7 years ago
- Category set to lib - userland libraries
The terminology wrapped around SSD in this case is pretty hairy (at least to me, who knew nothing about it).
You require not only a custom Service Search Descriptor, but for that custom SSD to have a conditional applied to it, that is:
(Yes, this condition is always-true, that was necessary to not brick auth on the system under test, but it suffices).
The impression I have is that the use of such a condition is pretty rare.