NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Secunia Advisories> 2003-q3

[sec-adv] Conectiva update for OpenLDAP

From: Secunia Security Advisories (sec-advsecunia.com)
Date: Wed Jul 09 2003 - 04:53:34 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

TITLE:
Conectiva update for OpenLDAP

READ ONLINE:
http://www.secunia.com/advisories/9203/

CRITICAL:
Moderately critical

IMPACT:
DoS

WHERE:
From remote

OPERATING SYSTEM:

Conectiva Linux 9

SOFTWARE:
OpenLDAP 2.x

DESCRIPTION:
Conectiva has issued updated packages for OpenLDAP. These fix an
older vulnerability, which can be exploited by malicious people to
cause a DoS (Denial of Service) on a vulnerable system.

The problem is that during the authentication process a failed
password extended operation can result in OpenLDAP trying to free an
uninitialised structure. This causes the program to crash.

The vulnerability only exists when using the back-ldbm backend, which
reportedly also has a memory leak.

SOLUTION:
This was fixed in OpenLDAP version 2.1.17.

Updated packages:

-- Conectiva Linux 9 --

ftp://atualizacoes.conectiva.com.br/9/RPMS/openldap-2.1.21-31798U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/openldap-client-2.1.21-31798U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/openldap-devel-2.1.21-31798U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/openldap-devel-static-2.1.21-31798U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/openldap-doc-2.1.21-31798U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/openldap-server-2.1.21-31798U90_1cl.i386.rpm

SRPM:
ftp://atualizacoes.conectiva.com.br/9/SRPMS/openldap-2.1.21-31798U90_1cl.src.rpm

REPORTED BY / CREDITS:
Ralf Haferkamp

ORIGINAL ADVISORY:
http://www.openldap.org/its/index.cgi?findid=2390

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories

----------------------------------------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]