[CVE-2007-5707] OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service (slapd crash)
Bug #163740 reported by Stephan Rügamer
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
openldap2.2 (Ubuntu) | Invalid | Undecided | Unassigned |
Dapper | Fix Released | Medium | Stephan Rügamer |
Edgy | Fix Released | Medium | Stephan Rügamer |
Feisty | Invalid | Undecided | Unassigned |
Gutsy | Invalid | Undecided | Unassigned |
Hardy | Invalid | Undecided | Unassigned |
openldap2.3 (Ubuntu) | Fix Released | Undecided | Unassigned |
Dapper | Invalid | Undecided | Unassigned |
Edgy | Invalid | Undecided | Unassigned |
Feisty | Fix Released | Medium | Jamie Strandboge |
Gutsy | Fix Released | Medium | Jamie Strandboge |
Hardy | Fix Released | Undecided | Unassigned |
Bug Description
Dear Colleagues,
OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service (slapd crash) via an LDAP request with a malformed objectClasses attribute. NOTE: this has been reported as a double-free, but the reports are inconsistent.
Changed in openldap2.2:
assignee: nobody → shermann
status: New → In Progress
Changed in openldap2.3:
assignee: keescook → jamie-strandboge
status: Triaged → In Progress
assignee: keescook → jamie-strandboge
status: Triaged → In Progress
Changed in openldap2.2:
status: In Progress → Fix Released
status: In Progress → Fix Released
Changed in openldap2.3:
status: In Progress → Fix Released
status: In Progress → Fix Released
Thanks for getting these ready. openldap2.3 needs updates too. I will work on getting those prepared.