OpenLDAP: Denial of Service vulnerabilities
Gentoo Linux Security Advisory
||GLSA 200803-28 / openldap
||March 19, 2008
||March 19, 2008: 01
All supported architectures
Multiple Denial of Service vulnerabilities have been reported in OpenLDAP.
OpenLDAP Software is an open source implementation of the Lightweight
Directory Access Protocol.
The following errors have been discovered in OpenLDAP:
Tony Blake discovered an error which exists within the normalisation of
Thomas Sesselmann reported that, when running as a proxy-caching server
the "add_filter_attrs()" function in servers/slapd/overlay/pcache.c
does not correctly NULL terminate "new_attrs" (CVE-2007-5708).
A double-free bug exists in attrs_free() in the file
servers/slapd/back-bdb/modrdn.c, which was discovered by Jonathan
A remote attacker can cause a Denial of Serivce by sending a malformed
"objectClasses" attribute, and via unknown vectors that prevent the
"new_attrs" array from being NULL terminated, and via a modrdn
operation with a NOOP (LDAP_X_NO_OPERATION) control.
There is no known workaround at this time.
All OpenLDAP users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-nds/openldap-2.3.41"