[CVE-2007-5708] openldap 2.3
Bug #162162 reported by
Stephan Rügamer
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openldap2.2 (Ubuntu) |
Invalid
|
Undecided
|
Jamie Strandboge | ||
openldap2.3 (Ubuntu) |
Fix Released
|
Undecided
|
Stephan Rügamer | ||
Bug Description
Dear Colleagues,
openldap2.3 in feisty and gutsy is exploitable:
From http://
slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when running as a proxy-caching server, allocates memory using a malloc variant instead of calloc, which prevents an array from being initiialized properly and might allow attackers to cause a denial of service (segmentation fault) via unknown vectors that prevent the array from being null terminated.
Please find attached debdiffs for feisty and gutsy. For dapper and edgy (openldap2.2) I need to check for patches.
Regards,
\sh
Changed in openldap2.2: | |
assignee: | nobody → jamie-strandboge |
status: | New → In Progress |
Changed in openldap2.3: | |
status: | In Progress → Fix Released |
Changed in openldap2.2: | |
status: | In Progress → Fix Released |
status: | Fix Released → Invalid |
To post a comment you must log in.
CVE-2007-5707 is also hanging...
I'll provide updated debdiffs...