Bug 197446 - net-nds/openldap < 2.3.39-r1 app-emulation/emul-linux-x86-baselibs <20071128 Denial of Service Vulnerabilities (CVE-2007-{5707,5708})
Bug#: 197446 (CVE-2007-5707)
Product: Gentoo Security
Version: unspecified
Platform: All
OS/Version: Linux
Status: RESOLVED
Severity: minor
Priority: P2
Resolution: FIXED
Assigned To: security@gentoo.org
Reported By: keytoaster@gentoo.org
Component: Vulnerabilities
URL: http://secunia.com/advisories/27424/
Summary: net-nds/openldap < 2.3.39-r1 app-emulation/emul-linux-x86-baselibs <20071128 Denial of Service Vulnerabilities (CVE-2007-{5707,5708})
Status Whiteboard: B3 [glsa]
Opened: 2007-10-29 19:20 0000

Some vulnerabilities have been reported in OpenLDAP, which can be
exploited by malicious users to cause a DoS (Denial of Service).

1) A vulnerability is caused due to the "add_filter_attrs()" function
in servers/slapd/overlay/pcache.c not correctly NULL terminating
"new_attrs", which can be exploited to crash slapd due to an out of
bounds memory access.

Successful exploitation may require that slapd runs as proxy-caching
server.

2) An error within the normalisation of "objectClasses" can be
exploited to crash a vulnerable server by sending a malformed
"objectClasses" attribute.

The vulnerabilities are reported in versions prior to 2.3.39.

Note: Several other bugs, which may have a security impact, were also
reported.

SOLUTION:
Update to version 2.3.39.

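
The bug class in item 1 of the advisory above (a merged attribute list built without its NULL terminator, so a consumer walks past the allocation), shown as an added C illustration with a bounded check that detects it. This is constructed code, not the contents of pcache.c or the OpenLDAP fix; `merge_attrs`, `find_terminator`, `list_len` and the attribute strings are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Unbounded walk, the way consumers read a NULL-terminated list. */
size_t list_len(const char *const *list)
{
    size_t n = 0;
    while (list[n] != NULL) n++;
    return n;
}

/* Bounded check: index of the terminator within cap slots, or -1 when the
 * array has none and list_len() would run past the allocation. */
long find_terminator(const char *const *list, size_t cap)
{
    for (size_t i = 0; i < cap; i++)
        if (list[i] == NULL) return (long)i;
    return -1;
}

/* Merge two lists. terminate=0 reproduces the flawed pattern (slots for the
 * entries only); terminate=1 reserves one more slot and writes the NULL. */
const char **merge_attrs(const char *const *a, const char *const *b,
                         int terminate, size_t *cap)
{
    size_t na = list_len(a), nb = list_len(b), k = 0;
    *cap = na + nb + (terminate ? 1 : 0);
    const char **out = malloc(*cap * sizeof *out);
    if (out == NULL) return NULL;
    for (size_t i = 0; i < na; i++) out[k++] = a[i];
    for (size_t i = 0; i < nb; i++) out[k++] = b[i];
    if (terminate) out[k] = NULL;
    return out;
}

int main(void)
{
    const char *requested[] = { "cn", "mail", NULL };   /* constructed */
    const char *from_filter[] = { "uid", NULL };        /* constructed */
    size_t cap;
    const char **bad = merge_attrs(requested, from_filter, 0, &cap);
    const char **good = merge_attrs(requested, from_filter, 1, &cap);
    if (!bad || !good) return 1;
    printf("flawed:   terminator at %ld of 3 slots\n", find_terminator(bad, 3));
    printf("hardened: terminator at %ld, %zu entries\n",
           find_terminator(good, cap), list_len(good));
    free(bad); free(good);
    return 0;
}
```
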
2.3.39 has been added to the tree a few hours ago. Is this version ready to be
stabilised? ldap team, please advise.

do it :)
arches please use the testkit with overlays useflag set (and without if you
feel like spending more time)

Well, given that it's only just been added and we haven't filed a stabilization
bug, I'd guess it's NOT ready to be stabilized. In light of the advisory though
we can probably speed it up. Having read all the advisories though, it doesn't
seem to be a major issue, in fact contrary to what I saw some classify the bug
as, it does require special compile configuration and authorized access to add
things to the DIT. In other words the impact is lessened considerably if you
are running a normal recommended setup where you don't allow anonymous people
to make modifications to your LDAP backend. I'll see if I can get hold of
robbat / jokey and find out their thoughts, we'll look to stabilize it soon
though.

Markus, your overlay use flag still breaks all the syncrepl stuff. I'd like to
fix it before we push it out. I'll catch you on irc.

ok, ping security back when it's ready.

*** Bug 195180 has been marked as a duplicate of this bug. ***

After ~arch for a week, how is it doing?

Enabled the syncprov overlay now by default so that it works sanely with
new-style config system with 2.3.39-r1

Is this ready for stabling now?

Jokey, I remember you OK'ed the stabling in a recent chat, but I lost the logs.
Can you confirm that again, please?

Yup, just go ahead for now, the bdb issue will be dealt with at a different
version

Arches, please test and mark stable net-nds/openldap-2.3.39-r1.
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

*sigh* you'll need a emul-linux-x86-baselibs bump too...

(In reply to comment #13)
> *sigh* you'll need a emul-linux-x86-baselibs bump too...
copy that sigh.

(In reply to comment #14)
> (In reply to comment #13)
> > *sigh* you'll need a emul-linux-x86-baselibs bump too...
>
> copy that sigh.
>
app-emulation/emul-linux-x86-baselibs-20071128 going in the tree in an hour
contains the fix.

vote is open.
Vulnerability (1) does not affect the default configuration and vulnerability
(2) only allows *authenticated* users to crash the server.
I still tend to vote YES here.