[Kolab-devel] [issue2643] openldap: various DoS vulnerabilities
Thomas Arendsen Hein
kolab-issues at intevation.de
Wed Apr 16 15:09:57 CEST 2008
New submission from Thomas Arendsen Hein <thomas at intevation.de>:
Debian Security Advisory DSA-1541-1:
Package : openldap2.3
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2007-5707 CVE-2007-5708 CVE-2007-6698 CVE-2008-0658
Debian Bug : 440632 448644 465875
Several remote vulnerabilities have been discovered in OpenLDAP, a
free implementation of the Lightweight Directory Access Protocol. The
Common Vulnerabilities and Exposures project identifies the following
problems:

CVE-2007-5707

    Thomas Sesselmann discovered that slapd could be crashed by
    malformed modify requests.

CVE-2007-5708

    Toby Blade discovered that incorrect memory handling in slapo-pcache
    could lead to denial of service through crafted search requests.

CVE-2007-6698

    It was discovered that a programming error in the interface to the
    BDB storage backend could lead to denial of service through
    crafted modify requests.

CVE-2008-0658

    It was discovered that a programming error in the interface to the
    BDB storage backend could lead to denial of service through
    crafted modrdn requests.

For the stable distribution (etch), these problems have been fixed in
version 2.3.30-5+etch1.

For the unstable distribution (sid), these problems have been fixed in
version 2.4.7-6.1.

We recommend that you upgrade your openldap2.3 packages.
----------
assignedto: thomas
messages: 14501
nosy: bernhard, martin, thomas, till, wilde, wrobel
priority: urgent
status: unread
title: openldap: various DoS vulnerabilities
topic: release, server
___________________________________________________
Kolab issue tracker <kolab-issues at intevation.de>
<https://www.intevation.de/roundup/kolab/issue2643>
___________________________________________________