SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  OpenLDAP back-sql SQL Injection

Category: LDAP      

In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.

References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0552


Relevant Information