Bug 359851 (CVE-2007-5707) - CVE-2007-5707 openldap slapd DoS via objectClasses attribute
Summary: CVE-2007-5707 openldap slapd DoS via objectClasses attribute
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2007-5707
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://nvd.nist.gov/nvd.cfm?cvename=C...
Whiteboard:
Depends On: 359981 359991 360001 360011 360081 360091 362991
Blocks:
Reported: 2007-10-31 09:53 UTC by Tomas Hoger
Modified: 2019-09-29 12:22 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-12-20 16:46:42 UTC
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2007:1037 0 normal SHIPPED_LIVE Important: openldap security and enhancement update 2007-11-08 16:54:04 UTC
Red Hat Product Errata RHSA-2007:1038 0 normal SHIPPED_LIVE Moderate: openldap security and enhancement update 2007-11-15 16:46:19 UTC

Description Tomas Hoger 2007-10-31 09:53:53 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-5707 to the following vulnerability:

OpenLDAP before 2.3.39 allows remote attackers to cause a denial of
service (slapd crash) via an LDAP request with a malformed
objectClasses attribute.  NOTE: this has been reported as a
double-free, but the reports are inconsistent.

References:
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5119
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440632
http://www.openldap.org/lists/openldap-announce/200710/msg00001.html
http://www.securityfocus.com/bid/26245 
http://www.frsirt.com/english/advisories/2007/3645
http://secunia.com/advisories/27424

Comment 10 Fedora Update System 2007-11-06 16:05:31 UTC
openldap-2.3.39-1.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update openldap'

Comment 13 Fedora Update System 2007-11-09 23:48:53 UTC
openldap-2.3.39-1.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 14 Fedora Update System 2007-11-09 23:54:27 UTC
openldap-2.3.34-4.fc7 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update openldap'

Comment 15 Fedora Update System 2007-11-20 17:47:51 UTC
openldap-2.3.34-4.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

