Hi,
On Mon, Feb 2, 2009 at 9:48 AM, Stefan Woehrer <stefan_woehrer(a)yahoo.de> wrote:
> Hi,
> we just upgraded our XWiki from 1.3.2 to 1.7.1.
> Right afterwards the firewall registers LDAP-Packages from the XWiki machine
> as an attack, saying:
> "A malicious LDAP packet may indicate a potential attack. An attacker could
> use a modified LDAP message to cause buffer overflows on defective systems
> and execute arbitary code. (LDAP message contains malicious data which does
> not comply with ASN.1)"
> It seems that it has something to do with the changes made since 1.3.2. Is
> that possible?
By default, 1.7.1 uses the new XWiki LDAP authenticator, whereas 1.3.2 uses
the old one. See
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPAut…
Now, on the technical details, it's using exactly the same Novell LDAP
client implementation and the differences are more on the XWiki side,
so I don't see why it would suddenly send wrong data.
> Greetings,
> Steve
--
Thomas Mortagne
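
Added example, not part of the original thread and not XWiki or Novell code: one way to test the firewall's "does not comply with ASN.1" claim is to capture a flagged request from the XWiki host and run its bytes through a structural BER check of the LDAPMessage envelope. The function names and the two sample byte strings are constructed for illustration.

```python
def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the TLV at pos; ValueError if malformed."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header at offset %d" % pos)
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                   # short form: length fits in one byte
        length = first
    elif first == 0x80:                # RFC 4511 permits definite lengths only
        raise ValueError("indefinite length at offset %d" % (pos - 1))
    else:                              # long form: next n bytes hold the length
        n = first & 0x7F
        if n > 4 or pos + n > len(buf):
            raise ValueError("bad long-form length at offset %d" % (pos - 1))
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("length %d overruns enclosing element" % length)
    return tag, pos, pos + length

def walk(buf, pos, end):
    """Check that every TLV nested in buf[pos:end] stays inside its parent."""
    while pos < end:
        tag, vstart, vend = read_tlv(buf[:end], pos)
        if tag & 0x20:                 # constructed encoding: descend
            walk(buf, vstart, vend)
        pos = vend

def check_ldap_message(buf):
    """Problems found in one LDAPMessage (RFC 4511 envelope); empty list if well-formed."""
    try:
        tag, start, end = read_tlv(buf, 0)
        if tag != 0x30:
            return ["outer tag 0x%02x is not SEQUENCE" % tag]
        if end != len(buf):
            return ["%d trailing bytes after LDAPMessage" % (len(buf) - end)]
        tag, vstart, vend = read_tlv(buf, start)
        if tag != 0x02 or vend == vstart:
            return ["messageID is not a non-empty INTEGER"]
        op, ostart, oend = read_tlv(buf, vend)
        if op & 0xC0 != 0x40:
            return ["protocolOp tag 0x%02x is not APPLICATION class" % op]
        walk(buf, ostart if op & 0x20 else oend, oend)   # body of the operation
        walk(buf, oend, end)                             # optional controls, structure only
    except ValueError as err:
        return [str(err)]
    return []
GOOD = bytes.fromhex("3012020101600d0201030404636e3d6180027077")  # constructed: simple bind, DN "cn=a"
BAD = bytes.fromhex("3012020101600d0201030420636e3d6180027077")   # constructed: DN length 0x04 -> 0x20
```

An empty result for the captured bytes means the envelope is structurally valid BER, which points at the firewall signature rather than at the client.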