Bug 359851 - (CVE-2007-5707) CVE-2007-5707 openldap slapd DoS via objectClasses attribute
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: high, Severity: high
Assigned To: Red Hat Product Security
URL: http://nvd.nist.gov/nvd.cfm?cvename=C...
Whiteboard: source=gentoo,reported=20071029,publi...
Keywords: Security
Depends On: 359981 359991 360001 360011 360081 360091 362991
Reported: 2007-10-31 05:53 EDT by Tomas Hoger
Modified: 2009-07-29 10:13 EDT
Doc Type: Bug Fix
Last Closed: 2007-12-20 11:46:42 EST
Description Tomas Hoger 2007-10-31 05:53:53 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-5707 to the following vulnerability:

OpenLDAP before 2.3.39 allows remote attackers to cause a denial of
service (slapd crash) via an LDAP request with a malformed
objectClasses attribute.  NOTE: this has been reported as a
double-free, but the reports are inconsistent.

References:
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5119
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440632
http://www.openldap.org/lists/openldap-announce/200710/msg00001.html
http://www.securityfocus.com/bid/26245 
http://www.frsirt.com/english/advisories/2007/3645
http://secunia.com/advisories/27424
Comment 10 Fedora Update System 2007-11-06 11:05:31 EST
openldap-2.3.39-1.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update openldap'
Comment 13 Fedora Update System 2007-11-09 18:48:53 EST
openldap-2.3.39-1.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 14 Fedora Update System 2007-11-09 18:54:27 EST
openldap-2.3.34-4.fc7 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update openldap'
Comment 15 Fedora Update System 2007-11-20 12:47:51 EST
openldap-2.3.34-4.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
