Codenomicon Crash Test Party Participants Help To Fix OpenLDAP
July 22, 2010
Last May, Codenomicon organized a Crash Test Party for students of computer engineering and computer science. More than 40 students from the University of Oulu participated. They were given temporary licences for Codenomicon fuzzing tools, which they could use to test any devices they wanted. Many of the students also chose open source software as test targets. After finding a security flaw, the students were rewarded with a "Go Hack Yourself" T-shirt. In just two hours almost all students had picked up their T-shirts and wore them proudly. We wish to thank all our party guests for their enthusiasm and their responsible conduct in handling the numerous issues found.
The first bugs found at the Crash Test Party have now been fixed and can be publicly disclosed. These bugs involve several flaws in OpenLDAP. The vulnerabilities were found by Ilkka Mattila and Tuomas Salomäki with the Codenomicon LDAPv3 test suite, which is an automated fuzzing tool for finding security flaws in any LDAP implementation. With the help of Codenomicon experts, the students reported the flaws to CERT-FI, which coordinated the release of the vulnerabilities between the vulnerability researchers and the affected vendors. CERT-FI has issued an advisory on the vulnerability. Codenomicon and CERT-FI would like to thank the researchers and the OpenLDAP project for their co-operation in the remediation efforts.









