[CVE-2007-5707] OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service (slapd crash)

Bug #163740 reported by Stephan Ruegamer on 2007-11-19
Affects                 Status   Importance   Assigned to        Milestone
openldap2.2 (Ubuntu)             Undecided    Unassigned
  Dapper                         Medium       Stephan Ruegamer
  Edgy                           Medium       Stephan Ruegamer
  Feisty                         Undecided    Unassigned
  Gutsy                          Undecided    Unassigned
  Hardy                          Undecided    Unassigned
openldap2.3 (Ubuntu)             Undecided    Unassigned
  Dapper                         Undecided    Unassigned
  Edgy                           Undecided    Unassigned
  Feisty                         Medium       Jamie Strandboge
  Gutsy                          Medium       Jamie Strandboge
  Hardy                          Undecided    Unassigned

Bug Description

Dear Colleagues,

OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service (slapd crash) via an LDAP request with a malformed objectClasses attribute. NOTE: this has been reported as a double-free, but the reports are inconsistent.

CVE References

Stephan Ruegamer (sadig) on 2007-11-19
Changed in openldap2.2:
assignee: nobody → shermann
status: New → In Progress
Stephan Ruegamer (sadig) wrote :
Kees Cook (kees) wrote :

Thanks for getting these ready. openldap2.3 needs updates too. I will work on getting those prepared.

Changed in openldap2.2:
assignee: shermann → nobody
status: In Progress → Fix Released
assignee: nobody → shermann
importance: Undecided → Medium
status: New → In Progress
assignee: nobody → shermann
status: New → In Progress
importance: Undecided → Medium
status: New → Invalid
status: New → Invalid
status: Fix Released → Invalid
Changed in openldap2.3:
status: New → Fix Released
status: New → Invalid
status: New → Invalid
assignee: nobody → keescook
importance: Undecided → Medium
status: New → Triaged
assignee: nobody → keescook
importance: Undecided → Medium
status: New → Triaged
Stephan Ruegamer (sadig) wrote :

Hi Kees,

they are there :)

https://launchpad.net/bugs/162162

Changed in openldap2.3:
assignee: keescook → jamie-strandboge
status: Triaged → In Progress
assignee: keescook → jamie-strandboge
status: Triaged → In Progress
Changed in openldap2.2:
status: In Progress → Fix Released
status: In Progress → Fix Released
Changed in openldap2.3:
status: In Progress → Fix Released
status: In Progress → Fix Released
This report contains Public Security information
Everyone can see this security related information.