[CVE-2007-5707] OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service (slapd crash)

Bug #163740 reported by Stephan Rügamer
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| openldap2.2 (Ubuntu) | Invalid | Undecided | Unassigned | |
| Dapper | Fix Released | Medium | Stephan Rügamer | |
| Edgy | Fix Released | Medium | Stephan Rügamer | |
| Feisty | Invalid | Undecided | Unassigned | |
| Gutsy | Invalid | Undecided | Unassigned | |
| Hardy | Invalid | Undecided | Unassigned | |
| openldap2.3 (Ubuntu) | Fix Released | Undecided | Unassigned | |
| Dapper | Invalid | Undecided | Unassigned | |
| Edgy | Invalid | Undecided | Unassigned | |
| Feisty | Fix Released | Medium | Jamie Strandboge | |
| Gutsy | Fix Released | Medium | Jamie Strandboge | |
| Hardy | Fix Released | Undecided | Unassigned | |

Bug Description

Dear Colleagues,

OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service (slapd crash) via an LDAP request with a malformed objectClasses attribute. NOTE: this has been reported as a double-free, but the reports are inconsistent.

Changed in openldap2.2:
assignee: nobody → shermann
status: New → In Progress
Stephan Rügamer (sruegamer) wrote :
Stephan Rügamer (sruegamer) wrote :
Kees Cook (kees) wrote :

Thanks for getting these ready. openldap2.3 needs updates too. I will work on getting those prepared.

Changed in openldap2.2:
assignee: shermann → nobody
status: In Progress → Fix Released
assignee: nobody → shermann
importance: Undecided → Medium
status: New → In Progress
assignee: nobody → shermann
status: New → In Progress
importance: Undecided → Medium
status: New → Invalid
status: New → Invalid
status: Fix Released → Invalid
Changed in openldap2.3:
status: New → Fix Released
status: New → Invalid
status: New → Invalid
assignee: nobody → keescook
importance: Undecided → Medium
status: New → Triaged
assignee: nobody → keescook
importance: Undecided → Medium
status: New → Triaged
Stephan Rügamer (sruegamer) wrote :

Hi Kees,

They are there :)

https://launchpad.net/bugs/162162

Changed in openldap2.3:
assignee: keescook → jamie-strandboge
status: Triaged → In Progress
assignee: keescook → jamie-strandboge
status: Triaged → In Progress
Changed in openldap2.2:
status: In Progress → Fix Released
status: In Progress → Fix Released
Changed in openldap2.3:
status: In Progress → Fix Released
status: In Progress → Fix Released
This report contains Public Security information  
Everyone can see this security related information.