USN-634-1: OpenLDAP vulnerability

08-01-2008

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

USN-634-1: OpenLDAP vulnerability

Referenced CVEs:
CVE-2008-2952

Description:
=========================================================== Ubuntu Security Notice USN-634-1 August 01, 2008 openldap2.2, openldap2.3 vulnerability CVE-2008-2952 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: slapd 2.2.26-5ubuntu2.8 Ubuntu 7.04: slapd 2.3.30-2ubuntu0.3 Ubuntu 7.10: slapd 2.3.35-1ubuntu0.3 Ubuntu 8.04 LTS: slapd 2.4.9-0ubuntu0.8.04.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Cameron Hotchkies discovered that OpenLDAP did not correctly handle certain ASN.1 BER data. A remote attacker could send a specially crafted packet and crash slapd, leading to a denial of service.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

LDAP_TLS(3) Library Functions Manual LDAP_TLS(3) NAME
ldap_start_tls, ldap_start_tls_s, ldap_tls_inplace, ldap_install_tls - LDAP TLS initialization routines LIBRARY
OpenLDAP LDAP (libldap, -lldap) SYNOPSIS
#include <ldap.h> int ldap_start_tls(LDAP *ld); int ldap_start_tls_s(LDAP *ld, LDAPControl **serverctrls, LDAPControl **clientctrls); int ldap_tls_inplace(LDAP *ld); int ldap_install_tls(LDAP *ld); DESCRIPTION
These routines are used to initiate TLS processing on an LDAP session. ldap_start_tls_s() sends a StartTLS request to a server, waits for the reply, and then installs TLS handlers on the session if the request succeeded. The routine returns LDAP_SUCCESS if everything suc- ceeded, otherwise it returns an LDAP error code. ldap_start_tls() sends a StartTLS request to a server and does nothing else. It returns LDAP_SUCCESS if the request was sent successfully. ldap_tls_inplace() returns 1 if TLS handlers have been installed on the specified ses- sion, 0 otherwise. ldap_install_tls() installs the TLS handlers on the given session. It returns LDAP_LOCAL_ERROR if TLS is already installed. SEE ALSO
ldap(3), ldap_error(3) ACKNOWLEDGEMENTS
OpenLDAP Software is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>. OpenLDAP Software is derived from Uni- versity of Michigan LDAP 3.3 Release. OpenLDAP 2.4.11 2008/07/16 LDAP_TLS(3)

Security Advisories (RSS)

USN-634-1: OpenLDAP vulnerability

LEARN ABOUT OSX

ldap_tls_inplace