OpenLDAP: Denial of Service vulnerabilities
1.
Gentoo Linux Security Advisory
Version Information
| Advisory Reference |
GLSA 200803-28 / openldap |
| Release Date |
March 19, 2008 |
| Latest Revision |
March 19, 2008: 01 |
| Impact |
normal |
| Exploitable |
remote |
| Package |
Vulnerable versions |
Unaffected versions |
Architecture(s) |
| net-nds/openldap |
<
2.3.41 |
>=
2.3.41 |
All supported architectures
|
Related bugreports:
#197446, #209677
Synopsis
Multiple Denial of Service vulnerabilities have been reported in OpenLDAP.
2.
Impact Information
Background
OpenLDAP Software is an open source implementation of the Lightweight
Directory Access Protocol.
Description
The following errors have been discovered in OpenLDAP:
-
Tony Blake discovered an error which exists within the normalisation of
"objectClasses" (CVE-2007-5707).
-
Thomas Sesselmann reported that, when running as a proxy-caching server
the "add_filter_attrs()" function in servers/slapd/overlay/pcache.c
does not correctly NULL terminate "new_attrs" (CVE-2007-5708).
-
A double-free bug exists in attrs_free() in the file
servers/slapd/back-bdb/modrdn.c, which was discovered by Jonathan
Clarke (CVE-2008-0658).
Impact
A remote attacker can cause a Denial of Serivce by sending a malformed
"objectClasses" attribute, and via unknown vectors that prevent the
"new_attrs" array from being NULL terminated, and via a modrdn
operation with a NOOP (LDAP_X_NO_OPERATION) control.
3.
Resolution Information
Workaround
There is no known workaround at this time.
Resolution
All OpenLDAP users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-nds/openldap-2.3.41"
|
4.
References
|
