OpenLDAP: Denial of Service vulnerabilities

Security Team Contact Address

Updated March 19, 2008

1. Gentoo Linux Security Advisory

Advisory Reference	GLSA 200803-28 / openldap
Release Date	March 19, 2008
Latest Revision	March 19, 2008: 01
Impact	normal
Exploitable	remote

Package	Vulnerable versions	Unaffected versions	Architecture(s)
net-nds/openldap	< 2.3.41	>= 2.3.41	All supported architectures

Related bugreports: #197446, #209677

Synopsis

Multiple Denial of Service vulnerabilities have been reported in OpenLDAP.

2. Impact Information

Background

OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol.

Description

The following errors have been discovered in OpenLDAP:

Tony Blake discovered an error which exists within the normalisation of "objectClasses" (CVE-2007-5707).
Thomas Sesselmann reported that, when running as a proxy-caching server the "add_filter_attrs()" function in servers/slapd/overlay/pcache.c does not correctly NULL terminate "new_attrs" (CVE-2007-5708).
A double-free bug exists in attrs_free() in the file servers/slapd/back-bdb/modrdn.c, which was discovered by Jonathan Clarke (CVE-2008-0658).

Impact

A remote attacker can cause a Denial of Serivce by sending a malformed "objectClasses" attribute, and via unknown vectors that prevent the "new_attrs" array from being NULL terminated, and via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control.

3. Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All OpenLDAP users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-nds/openldap-2.3.41"

4. References