Executive Summary
Summary | |
---|---|
Title | New openldap2.3 packages fix denial of service |
Information | | | |
---|---|---|---|
Name | DSA-1541 | First vendor Publication | 2008-04-08 |
Vendor | Debian | Last vendor Modification | 2008-04-08 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
CVSS vector : N/A | | | |
---|---|---|---|
Overall CVSS Score | NA | | |
Base Score | NA | Environmental Score | NA |
Impact Sub Score | NA | Temporal Score | NA |
Exploitability Sub Score | NA | | |
Security-Database Scoring CVSS v2
CVSS vector : (AV:N/AC:M/Au:N/C:N/I:N/A:C) | | | |
---|---|---|---|
CVSS Base Score | 7.1 | Attack Range | Network |
CVSS Impact Score | 6.9 | Attack Complexity | Medium |
CVSS Exploit Score | 8.6 | Authentication | None Required |
Detail

Several remote vulnerabilities have been discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. The Common Vulnerabilities and Exposures project identifies the following problems:

- CVE-2007-5707: Thomas Sesselmann discovered that slapd could be crashed by malformed modify requests.
- CVE-2007-5708: Toby Blade discovered that incorrect memory handling in slapo-pcache could lead to denial of service through crafted search requests.
- CVE-2007-6698: It was discovered that a programming error in the interface to the BDB storage backend could lead to denial of service through crafted modify requests.
- CVE-2008-0658: It was discovered that a programming error in the interface to the BDB storage backend could lead to denial of service through crafted modrdn requests.

For the stable distribution (etch), these problems have been fixed in version 2.3.30-5+etch1. For the unstable distribution (sid), these problems have been fixed in version 2.4.7-6.1. We recommend that you upgrade your openldap2.3 packages.
Original Source
URL : http://www.debian.org/security/2008/dsa-1541
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
OVAL Definitions

Oval ID | oval:org.mitre.oval:def:10183 |
---|---|
Title | OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service (slapd crash) via an LDAP request with a malformed objectClasses attribute. NOTE: this has been reported as a double free, but the reports are inconsistent. |
Description | OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service (slapd crash) via an LDAP request with a malformed objectClasses attribute. NOTE: this has been reported as a double free, but the reports are inconsistent. |
Family | unix |
Class | vulnerability |
Reference(s) | CVE-2007-5707 |
Version | 5 |
Platform(s) | Red Hat Enterprise Linux 4, CentOS Linux 4, Oracle Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 5, Oracle Linux 5 |
Product(s) | |

Oval ID | oval:org.mitre.oval:def:10748 |
---|---|
Title | The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability. |
Description | The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability. |
Family | unix |
Class | vulnerability |
Reference(s) | CVE-2007-6698 |
Version | 5 |
Platform(s) | Red Hat Enterprise Linux 4, CentOS Linux 4, Oracle Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 5, Oracle Linux 5 |
Product(s) | |

Oval ID | oval:org.mitre.oval:def:17649 |
---|---|
Title | USN-551-1 -- openldap vulnerabilities |
Description | Thomas Sesselmann discovered that the OpenLDAP slapd server did not properly handle certain modify requests. |
Family | unix |
Class | patch |
Reference(s) | USN-551-1, CVE-2007-5707, CVE-2007-5708 |
Version | 7 |
Platform(s) | Ubuntu 6.06, Ubuntu 6.10, Ubuntu 7.04, Ubuntu 7.10 |
Product(s) | openldap2.2, openldap2.3 |

Oval ID | oval:org.mitre.oval:def:17747 |
---|---|
Title | USN-584-1 -- openldap2.2, openldap2.3 vulnerabilities |
Description | Jonathan Clarke discovered that the OpenLDAP slapd server did not properly handle modify requests when using the Berkeley DB backend and the NOOP control was used. |
Family | unix |
Class | patch |
Reference(s) | USN-584-1, CVE-2007-6698, CVE-2008-0658 |
Version | 7 |
Platform(s) | Ubuntu 6.06, Ubuntu 6.10, Ubuntu 7.04, Ubuntu 7.10 |
Product(s) | openldap2.2, openldap2.3 |

Oval ID | oval:org.mitre.oval:def:18413 |
---|---|
Title | DSA-1541-1 openldap2.3 |
Description | Several remote vulnerabilities have been discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. |
Family | unix |
Class | patch |
Reference(s) | DSA-1541-1, CVE-2007-5707, CVE-2007-5708, CVE-2007-6698, CVE-2008-0658 |
Version | 7 |
Platform(s) | Debian GNU/Linux 4.0 |
Product(s) | openldap2.3 |

Oval ID | oval:org.mitre.oval:def:21706 |
---|---|
Title | ELSA-2007:1037: openldap security and enhancement update (Important) |
Description | OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service (slapd crash) via an LDAP request with a malformed objectClasses attribute. NOTE: this has been reported as a double free, but the reports are inconsistent. |
Family | unix |
Class | patch |
Reference(s) | ELSA-2007:1037-01, CVE-2007-5707 |
Version | 6 |
Platform(s) | Oracle Linux 5 |
Product(s) | openldap |

Oval ID | oval:org.mitre.oval:def:22636 |
---|---|
Title | ELSA-2008:0110: openldap security update (Moderate) |
Description | slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698. |
Family | unix |
Class | patch |
Reference(s) | ELSA-2008:0110-01, CVE-2007-6698, CVE-2008-0658 |
Version | 13 |
Platform(s) | Oracle Linux 5 |
Product(s) | openldap |

Oval ID | oval:org.mitre.oval:def:9470 |
---|---|
Title | slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698. |
Description | slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698. |
Family | unix |
Class | vulnerability |
Reference(s) | CVE-2008-0658 |
Version | 5 |
Platform(s) | Red Hat Enterprise Linux 4, CentOS Linux 4, Oracle Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 5, Oracle Linux 5 |
Product(s) | |
CPE : Common Platform Enumeration
ExploitDB Exploits
Date | Description |
---|---|
2008-02-13 | OpenLDAP 2.3.39 MODRDN Remote Denial of Service Vulnerability |
OpenVAS Exploits
Date | Name | File |
---|---|---|
2010-05-12 | Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006 | nvt/macosx_upd_10_6_2_secupd_2009-006.nasl |
2009-10-10 | SLES9: Security update for OpenLDAP 2 | nvt/sles9p5023640.nasl |
2009-04-09 | Mandriva Update for openldap MDVSA-2008:058 (openldap) | nvt/gb_mandriva_MDVSA_2008_058.nasl |
2009-04-09 | Mandriva Update for openldap MDKSA-2007:215 (openldap) | nvt/gb_mandriva_MDKSA_2007_215.nasl |
2009-03-23 | Ubuntu Update for openldap2.2, openldap2.3 vulnerabilities USN-584-1 | nvt/gb_ubuntu_USN_584_1.nasl |
2009-03-23 | Ubuntu Update for openldap vulnerabilities USN-551-1 | nvt/gb_ubuntu_USN_551_1.nasl |
2009-03-06 | RedHat Update for openldap RHSA-2008:0110-01 | nvt/gb_RHSA-2008_0110-01_openldap.nasl |
2009-02-27 | CentOS Update for compat-openldap CESA-2008:0110 centos4 i386 | nvt/gb_CESA-2008_0110_compat-openldap_centos4_i386.nasl |
2009-02-27 | CentOS Update for compat-openldap CESA-2008:0110 centos4 x86_64 | nvt/gb_CESA-2008_0110_compat-openldap_centos4_x86_64.nasl |
2009-02-27 | CentOS Update for compat-openldap CESA-2008:0110 centos5 i386 | nvt/gb_CESA-2008_0110_compat-openldap_centos5_i386.nasl |
2009-02-27 | CentOS Update for compat-openldap CESA-2008:0110 centos5 x86_64 | nvt/gb_CESA-2008_0110_compat-openldap_centos5_x86_64.nasl |
2009-02-27 | Fedora Update for openldap FEDORA-2007-2796 | nvt/gb_fedora_2007_2796_openldap_fc8.nasl |
2009-02-27 | Fedora Update for openldap FEDORA-2007-3124 | nvt/gb_fedora_2007_3124_openldap_fc7.nasl |
2009-02-27 | Fedora Update for openldap FEDORA-2007-741 | nvt/gb_fedora_2007_741_openldap_fc6.nasl |
2009-02-17 | Fedora Update for openldap FEDORA-2008-6029 | nvt/gb_fedora_2008_6029_openldap_fc8.nasl |
2009-02-16 | Fedora Update for openldap FEDORA-2008-1307 | nvt/gb_fedora_2008_1307_openldap_fc7.nasl |
2009-02-16 | Fedora Update for openldap FEDORA-2008-1616 | nvt/gb_fedora_2008_1616_openldap_fc7.nasl |
2009-02-16 | Fedora Update for openldap FEDORA-2008-1568 | nvt/gb_fedora_2008_1568_openldap_fc8.nasl |
2008-09-24 | Gentoo Security Advisory GLSA 200803-28 (openldap) | nvt/glsa_200803_28.nasl |
2008-09-04 | FreeBSD Ports: openldap-server | nvt/freebsd_openldap-server1.nasl |
2008-09-04 | FreeBSD Ports: openldap-server | nvt/freebsd_openldap-server0.nasl |
2008-04-21 | Debian Security Advisory DSA 1541-1 (openldap2.3) | nvt/deb_1541_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
43306 | OpenLDAP slapd BDB Backend Crafted Modify Operation Remote DoS. OpenLDAP contains a flaw that may allow a remote denial of service. The issue is triggered when trying a modify operation with the NOOP control set to critical on an entry stored in a BDB back-end, and will result in loss of availability for the service. |
41948 | OpenLDAP slapd BDB Backend modrdn.c modrdn Operation NOOP Control Remote DoS |
38485 | OpenLDAP slapd slapo-pcache Unspecified Remote DoS |
38484 | OpenLDAP slapd Crafted LDAP Request Remote DoS |
Nessus® Vulnerability Scanner
Date | Name | File | Type |
---|---|---|---|
2013-07-12 | The remote Oracle Linux host is missing one or more security updates. | oraclelinux_ELSA-2008-0110.nasl | ACT_GATHER_INFO |
2013-06-29 | The remote CentOS host is missing one or more security updates. | centos_RHSA-2007-1038.nasl | ACT_GATHER_INFO |
2012-08-01 | The remote Scientific Linux host is missing one or more security updates. | sl_20080221_openldap_on_SL4_x.nasl | ACT_GATHER_INFO |
2012-08-01 | The remote Scientific Linux host is missing one or more security updates. | sl_20071115_openldap_on_SL4_x.nasl | ACT_GATHER_INFO |
2012-08-01 | The remote Scientific Linux host is missing one or more security updates. | sl_20071108_openldap_on_SL5_x.nasl | ACT_GATHER_INFO |
2009-11-09 | The remote host is missing a Mac OS X update that fixes various security issues. | macosx_SecUpd2009-006.nasl | ACT_GATHER_INFO |
2009-09-24 | The remote SuSE 9 host is missing a security-related patch. | suse9_12075.nasl | ACT_GATHER_INFO |
2009-04-23 | The remote Mandriva Linux host is missing one or more security updates. | mandriva_MDVSA-2008-058.nasl | ACT_GATHER_INFO |
2008-04-28 | The remote openSUSE host is missing a security update. | suse_openldap2-4999.nasl | ACT_GATHER_INFO |
2008-04-28 | The remote SuSE 10 host is missing a security-related patch. | suse_openldap2-4989.nasl | ACT_GATHER_INFO |
2008-04-11 | The remote Debian host is missing a security-related update. | debian_DSA-1541.nasl | ACT_GATHER_INFO |
2008-03-21 | The remote Gentoo host is missing one or more security-related patches. | gentoo_GLSA-200803-28.nasl | ACT_GATHER_INFO |
2008-03-07 | The remote Ubuntu host is missing one or more security-related patches. | ubuntu_USN-584-1.nasl | ACT_GATHER_INFO |
2008-02-25 | The remote FreeBSD host is missing one or more security-related updates. | freebsd_pkg_e5d29309e0db11dc97b2001c2514716c.nasl | ACT_GATHER_INFO |
2008-02-25 | The remote Red Hat host is missing one or more security updates. | redhat-RHSA-2008-0110.nasl | ACT_GATHER_INFO |
2008-02-25 | The remote CentOS host is missing one or more security updates. | centos_RHSA-2008-0110.nasl | ACT_GATHER_INFO |
2008-02-14 | The remote Fedora host is missing a security update. | fedora_2008-1616.nasl | ACT_GATHER_INFO |
2008-02-14 | The remote Fedora host is missing a security update. | fedora_2008-1568.nasl | ACT_GATHER_INFO |
2008-02-11 | The remote Fedora host is missing a security update. | fedora_2008-1307.nasl | ACT_GATHER_INFO |
2007-12-13 | The remote SuSE 10 host is missing a security-related patch. | suse_openldap2-4679.nasl | ACT_GATHER_INFO |
2007-12-04 | The remote Ubuntu host is missing one or more security-related patches. | ubuntu_USN-551-1.nasl | ACT_GATHER_INFO |
2007-11-26 | The remote openSUSE host is missing a security update. | suse_openldap2-4677.nasl | ACT_GATHER_INFO |
2007-11-26 | The remote Fedora host is missing a security update. | fedora_2007-3124.nasl | ACT_GATHER_INFO |
2007-11-16 | The remote Red Hat host is missing one or more security updates. | redhat-RHSA-2007-1038.nasl | ACT_GATHER_INFO |
2007-11-16 | The remote Fedora Core host is missing a security update. | fedora_2007-741.nasl | ACT_GATHER_INFO |
2007-11-12 | The remote Fedora host is missing a security update. | fedora_2007-2796.nasl | ACT_GATHER_INFO |
2007-11-09 | The remote Mandrake Linux host is missing one or more security updates. | mandrake_MDKSA-2007-215.nasl | ACT_GATHER_INFO |
2007-11-09 | The remote Red Hat host is missing one or more security updates. | redhat-RHSA-2007-1037.nasl | ACT_GATHER_INFO |
2007-11-01 | The remote FreeBSD host is missing one or more security-related updates. | freebsd_pkg_db449245870d11dca3ec001921ab2fa4.nasl | ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:27:30 | |