PT-2006-7097 · Openldap · Openldap

Published 2006-12-13 · Updated 2011-03-08 · CVE-2006-6493

CVSS v2.0: 5.1 (Medium)
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: OpenLDAP versions 2.4.3 and earlier
Description: A buffer overflow exists in the krbv4_ldap_auth function (servers/slapd/kerberos.c) of slapd, which remote attackers can exploit to execute arbitrary code. The flaw is reachable only when OpenLDAP was compiled with the --enable-kbind (Kerberos V4 bind) option, which is not enabled by default. An unauthenticated client triggers it by sending an LDAP bind request that selects the LDAP_AUTH_KRBV41 authentication method (the [1] krbv42LDAP choice of the LDAPv2 BindRequest) with credential data longer than the fixed-size buffer the function copies it into. No authentication is required (Au:N); the high access-complexity rating reflects that the vulnerable code is compiled out of default builds.
Recommendations: Upgrade to an OpenLDAP release that fixes this issue. Where that is not immediately possible, rebuild slapd without --enable-kbind: Kerberos V4 bind is a deprecated LDAPv2-era mechanism, and Kerberos authentication should be done through SASL/GSSAPI instead. Restrict network access to slapd so that only trusted clients can reach the bind handler, and do not use the LDAP_AUTH_KRBV41 method against an affected server until it is fixed. To tell whether a deployment is exposed at all, check the configure options used for the build; a build without --enable-kbind does not contain the vulnerable code path.
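The following C program is an added example written for this page; it is not OpenLDAP's code and does not reproduce servers/slapd/kerberos.c. It shows the shape of the bug described above and of the check that closes it: a minimal BER parser that pulls the authentication CHOICE out of a BindRequest, a handler that copies the credential into a fixed-size ticket buffer using the wire length unchecked (the vulnerable pattern), and a hardened handler that rejects credentials longer than the buffer before copying. The tag value LDAP_AUTH_KRBV41 (0x81) is OpenLDAP's constant; the buffer size MAX_KTXT_LEN = 1250 (modelled on the Kerberos V4 ticket structure), the function names and the constructed bind request are assumptions for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* OpenLDAP ldap.h values for the BindRequest authentication CHOICE tags:
 * 0x80 is simple bind, 0x81 is the [1] krbv42LDAP (Kerberos V4) form that a
 * slapd built with --enable-kbind accepts. */
#define LDAP_AUTH_SIMPLE 0x80U
#define LDAP_AUTH_KRBV41 0x81U

/* Assumed fixed-size ticket buffer, modelled on Kerberos V4's KTEXT
 * structure (MAX_KTXT_LEN == 1250). Illustrative, not OpenLDAP's layout. */
#define MAX_KTXT_LEN 1250

struct krb_ticket {
    int length;
    unsigned char dat[MAX_KTXT_LEN];
};

struct bind_cred {
    uint8_t method;       /* BER context tag of the authentication CHOICE */
    const uint8_t *val;   /* credential bytes as received on the wire */
    size_t len;           /* attacker-controlled length from the BER header */
};

/* Decode a BER length (short form, or long form with up to 4 bytes).
 * Returns bytes consumed, 0 on a truncated or indefinite length. */
static size_t ber_len(const uint8_t *p, size_t avail, size_t *out) {
    if (avail < 1) return 0;
    if (p[0] < 0x80) { *out = p[0]; return 1; }
    size_t n = p[0] & 0x7f;
    if (n == 0 || n > 4 || avail < 1 + n) return 0;
    size_t v = 0;
    for (size_t i = 0; i < n; i++) v = (v << 8) | p[1 + i];
    *out = v;
    return 1 + n;
}

/* Extract the authentication CHOICE from a BindRequest body (the SEQUENCE
 * content after the [APPLICATION 0] tag and length):
 *   version INTEGER, name OCTET STRING, authentication CHOICE { [0]..[2] }
 * Returns 0 on success, -1 on malformed input. */
int parse_bind_auth(const uint8_t *msg, size_t msglen, struct bind_cred *out) {
    size_t pos = 0, len, n;
    if (pos >= msglen || msg[pos++] != 0x02) return -1;        /* version */
    if (!(n = ber_len(msg + pos, msglen - pos, &len))) return -1;
    pos += n; if (len > msglen - pos) return -1; pos += len;
    if (pos >= msglen || msg[pos++] != 0x04) return -1;        /* name */
    if (!(n = ber_len(msg + pos, msglen - pos, &len))) return -1;
    pos += n; if (len > msglen - pos) return -1; pos += len;
    if (pos >= msglen) return -1;                              /* auth */
    out->method = msg[pos++];
    if (!(n = ber_len(msg + pos, msglen - pos, &len))) return -1;
    pos += n; if (len > msglen - pos) return -1;
    out->val = msg + pos; out->len = len;
    return 0;
}

/* Vulnerable pattern: the wire length drives memcpy into a fixed buffer.
 * Never call this with c->len > MAX_KTXT_LEN; it is here to show the bug. */
int krbv4_auth_unchecked(const struct bind_cred *c, struct krb_ticket *t) {
    t->length = (int)c->len;
    memcpy(t->dat, c->val, c->len);   /* stack/heap overflow on long cred */
    return 0;
}

/* Hardened: reject anything the ticket buffer cannot hold before copying. */
int krbv4_auth_checked(const struct bind_cred *c, struct krb_ticket *t) {
    if (c->method != LDAP_AUTH_KRBV41) return -2;          /* not a V4 bind */
    if (c->len == 0 || c->len > MAX_KTXT_LEN) return -1;   /* invalid cred */
    t->length = (int)c->len;
    memcpy(t->dat, c->val, c->len);
    return 0;
}

/* Constructed BindRequest body (not a captured packet): LDAPv2, empty DN,
 * [1] credential of cred_len 'A' bytes. Returns bytes written. */
size_t build_krbv4_bind(uint8_t *buf, size_t cred_len) {
    size_t pos = 0;
    buf[pos++] = 0x02; buf[pos++] = 0x01; buf[pos++] = 0x02;  /* version 2 */
    buf[pos++] = 0x04; buf[pos++] = 0x00;                     /* name "" */
    buf[pos++] = LDAP_AUTH_KRBV41;                            /* [1] cred */
    buf[pos++] = 0x82; buf[pos++] = (uint8_t)(cred_len >> 8);
    buf[pos++] = (uint8_t)cred_len;
    memset(buf + pos, 'A', cred_len);
    return pos + cred_len;
}

/* Build, parse and run the hardened handler on a cred_len-byte credential.
 * Returns the handler's code (0 accepted, -1 rejected) or -3/-4 on error. */
int demo_bind(size_t cred_len) {
    static uint8_t buf[4096];
    struct bind_cred c; struct krb_ticket t;
    if (cred_len > sizeof buf - 16) return -3;
    size_t n = build_krbv4_bind(buf, cred_len);
    if (parse_bind_auth(buf, n, &c) != 0) return -4;
    return krbv4_auth_checked(&c, &t);
}

int main(void) {
    printf("1250-byte ticket: %d\n", demo_bind(1250));  /* 0: accepted */
    printf("2000-byte ticket: %d\n", demo_bind(2000));  /* -1: rejected */
    return 0;
}
```

The hardened handler's length check is the whole difference between the two paths: the BER length field is attacker-controlled, so it must be compared against the destination buffer before any copy, and a bind that fails the check is answered as invalid credentials rather than processed. The unchecked function is left in only to show the pattern and should never be fed a credential longer than MAX_KTXT_LEN.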


Related Identifiers

CVE-2006-6493

Affected Products

Openldap