Mandriva Linux Security Advisory : openldap (MDVSA-2014:026)
Medium Nessus Plugin ID 72467
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA vulnerability has been discovered and corrected in openldap :
The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search (CVE-2013-4449).
The updated packages have been patched to correct this issue.
SolutionUpdate the affected packages.