USN-634-1: OpenLDAP vulnerability

08-01-2008

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

USN-634-1: OpenLDAP vulnerability

Referenced CVEs:
CVE-2008-2952

Description:
=========================================================== Ubuntu Security Notice USN-634-1 August 01, 2008 openldap2.2, openldap2.3 vulnerability CVE-2008-2952 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: slapd 2.2.26-5ubuntu2.8 Ubuntu 7.04: slapd 2.3.30-2ubuntu0.3 Ubuntu 7.10: slapd 2.3.35-1ubuntu0.3 Ubuntu 8.04 LTS: slapd 2.4.9-0ubuntu0.8.04.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Cameron Hotchkies discovered that OpenLDAP did not correctly handle certain ASN.1 BER data. A remote attacker could send a specially crafted packet and crash slapd, leading to a denial of service.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

LDAP_MEMORY(3) Library Functions Manual LDAP_MEMORY(3) NAME
ldap_memfree, ldap_memvfree, ldap_memalloc, ldap_memcalloc, ldap_memrealloc, ldap_strdup - LDAP memory allocation routines LIBRARY
OpenLDAP LDAP (libldap, -lldap) SYNOPSIS
#include <ldap.h> void ldap_memfree(void *p); void ldap_memvfree(void **v); void *ldap_memalloc(ber_len_t s); void *ldap_memcalloc(ber_len_t n, ber_len_t s); void *ldap_memrealloc(void *p, ber_len_t s); char *ldap_strdup(LDAP_CONST char *p); DESCRIPTION
These routines are used to allocate/deallocate memory used/returned by the LDAP library. ldap_memalloc(), ldap_memcalloc(), ldap_memreal- loc(), and ldap_memfree() are used exactly like the standard malloc(3), calloc(3), realloc(3), and free(3) routines, respectively. The ldap_memvfree() routine is used to free a dynamically allocated array of pointers to arbitrary dynamically allocated objects. The ldap_strdup() routine is used exactly like the standard strdup(3) routine. SEE ALSO
ldap(3) ACKNOWLEDGEMENTS
OpenLDAP Software is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>. OpenLDAP Software is derived from Uni- versity of Michigan LDAP 3.3 Release. OpenLDAP 2.4.11 2008/07/16 LDAP_MEMORY(3)

Security Advisories (RSS)

USN-634-1: OpenLDAP vulnerability

LEARN ABOUT OSX

ldap_memrealloc