From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 9 Oct 2017 18:53:29 +0100 Subject: reinit the tree, so we can have metadata --- metadata/glsa/glsa-200403-12.xml | 68 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 metadata/glsa/glsa-200403-12.xml (limited to 'metadata/glsa/glsa-200403-12.xml') diff --git a/metadata/glsa/glsa-200403-12.xml b/metadata/glsa/glsa-200403-12.xml new file mode 100644 index 000000000000..b04d50e95406 --- /dev/null +++ b/metadata/glsa/glsa-200403-12.xml @@ -0,0 +1,68 @@ + + + + OpenLDAP DoS Vulnerability + + A failed password operation can cause the OpenLDAP slapd server, if it is + using the back-ldbm backend, to free memory that was never allocated. + + openldap + 2004-03-31 + 2006-05-22: 02 + 26728 + remote + + + 2.1.13 + 2.1.12 + + + +

+ OpenLDAP is a suite of LDAP-related application and development tools. + It includes slapd (the standalone LDAP server), slurpd (the standalone + LDAP replication server), and various LDAP libraries, utilities and + example clients. +

+ + +

+ A password extended operation (password EXOP) which fails will cause + the slapd server to free() an uninitialized pointer, possibly resulting + in a segfault. This only affects servers using the back-ldbm backend. +

+

+ Such a crash is not guaranteed with every failed operation, however, it + is possible. +

+ + +

+ An attacker (or indeed, a normal user) may crash the OpenLDAP server, + creating a Denial of Service condition. +

+ + +

+ A workaround is not currently known for this issue. All users are + advised to upgrade to the latest version of the affected package. +

+ + +

+ OpenLDAP users should upgrade to version 2.1.13 or later: +

+ + # emerge sync + + # emerge -pv ">=net-nds/openldap-2.1.13" + # emerge ">=net-nds/openldap-2.1.13" + + + OpenLDAP ITS Bug and Patch + CVE-2003-1201 + + + DerCorny + + -- cgit v1.2.3