Synopsis :

The remote LDAP server is prone to a denial of service attack.

Description :

The remote host appears to be running OpenLDAP, an open source LDAP
directory implementation.

The version of OpenLDAP installed on the remote host fails to handle
malformed SASL bind requests. An unauthenticated attacker can
leverage this issue to crash the LDAP server on the affected host.

See also :

http://www.securityfocus.com/archive/1/450728/30/0/threaded
http://www.nessus.org/u?9daf484d
http://www.openldap.org/software/release/changes.html

Solution :

Upgrade to OpenLDAP 2.3.29 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true