Bug 14431 - Security: CVE-2008-0658
Status: CLOSED FIXED
: Sisyphus
: unstable
: all Linux
: P2 normal
: https://bugzilla.redhat.com/show_bug....
Reported: 2008-02-14 11:31 by
Modified: 2008-02-26 08:21



Description From 2008-02-14 11:31:14
CVE-2007-6698:
The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated
users to cause a denial of service (crash) via a potentially-successful modify
operation with the NOOP control set to critical, possibly due to a double free
vulnerability.

+ in 2.3.39 there is a similar bug (see URL) - CVE-2008-0658
slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows
remote authenticated users to cause a denial of service (daemon crash) via a
modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to
CVE-2007-6698.
------- Comment #1 From 2008-02-14 15:14:40 -------
Oops, I did not check which version exactly is in Sisyphus. CVE-2007-6698 does
not apply to it.
------- Comment #2 From 2008-02-26 08:21:06 -------
openldap - LDAP libraries and sample clients
* Mon Feb 25 2008 Dmitry Lebkov <dlebkov@altlinux> 2.3.41-alt1
- 2.3.41
  + fix for CVE-2008-0658 (#14431)
* Mon Oct 29 2007 Dmitry Lebkov <dlebkov@altlinux> 2.3.39-alt1