Bug 14431 - Security: CVE-2008-0658
Summary: Security: CVE-2008-0658
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: openldap
Version: unstable
Hardware: all Linux
Importance: P2 normal
Assignee: Anton V. Boyarshinov
QA Contact: qa-sisyphus
URL: https://bugzilla.redhat.com/show_bug....
Keywords:
Depends on:
Blocks:
 
Reported: 2008-02-14 11:31 MSK by Vladimir V. Kamarzin
Modified: 2008-02-26 08:21 MSK

Description Vladimir V. Kamarzin 2008-02-14 11:31:14 MSK
CVE-2007-6698:
The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated
users to cause a denial of service (crash) via a potentially-successful modify
operation with the NOOP control set to critical, possibly due to a double free
vulnerability.

+ a similar bug in 2.3.39 (see URL) - CVE-2008-0658
slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows
remote authenticated users to cause a denial of service (daemon crash) via a
modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to
CVE-2007-6698.
Comment 1 Vladimir V. Kamarzin 2008-02-14 15:14:40 MSK
Oops, I did not check which version is actually in Sisyphus. CVE-2007-6698 does not apply to it.
Comment 2 Vladimir V. Kamarzin 2008-02-26 08:21:06 MSK
openldap - LDAP libraries and sample clients
* Mon Feb 25 2008 Dmitry Lebkov <dlebkov@altlinux> 2.3.41-alt1
- 2.3.41
  + fix for CVE-2008-0658 (#14431)
* Mon Oct 29 2007 Dmitry Lebkov <dlebkov@altlinux> 2.3.39-alt1