Bug 14431

Summary: Security: CVE-2008-0658
Product: Sisyphus
Reporter: Vladimir V. Kamarzin <vvk>
Component: openldap
Assignee: Anton V. Boyarshinov <boyarsh>
Status: CLOSED FIXED
QA Contact: qa-sisyphus
Severity: normal
Priority: P2
CC: boyarsh, imz, klark, ldv, shaba, slev, vitty, viy
Version: unstable
Hardware: all
OS: Linux
URL: https://bugzilla.redhat.com/show_bug.cgi?id=432008

Description Vladimir V. Kamarzin 2008-02-14 11:31:14 MSK
CVE-2007-6698:
The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated
users to cause a denial of service (crash) via a potentially-successful modify
operation with the NOOP control set to critical, possibly due to a double free
vulnerability.

+ 2.3.39 has a similar bug (see URL) - CVE-2008-0658
slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows
remote authenticated users to cause a denial of service (daemon crash) via a
modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to
CVE-2007-6698.

Comment 1 Vladimir V. Kamarzin 2008-02-14 15:14:40 MSK
Oops, I didn't check exactly which version is in Sisyphus. CVE-2007-6698 does not apply to it.

Comment 2 Vladimir V. Kamarzin 2008-02-26 08:21:06 MSK
openldap - LDAP libraries and sample clients
* Mon Feb 25 2008 Dmitry Lebkov <dlebkov@altlinux> 2.3.41-alt1
- 2.3.41
  + fix for CVE-2008-0658 (#14431)
* Mon Oct 29 2007 Dmitry Lebkov <dlebkov@altlinux> 2.3.39-alt1