Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Mageia 7: 2020-0407 Moderate: OpenLDAP Denial of Service Risk

mageia
Calendar Grey November 10, 2020
Dist Mageia Esm H88
A security bulletin has been issued for recent Mageia updates regarding OpenLDAP, addressing a significant denial of service vulnerability associated with the slapd daemon.
A vulnerability in the handling of normalization with modrdn was discovered in OpenLDAP

Summary

A vulnerability in the handling of normalization with modrdn was discovered in OpenLDAP. An unauthenticated remote attacker can use this flaw to cause a denial of service (slapd daemon crash) via a specially crafted packet (CVE-2020-25692).
Also, the PID file path in the systemd service was fixed to use /run as the$ parent, rather than /var/run, eliminating warning messages in the logs.

References

- https://bugs.mageia.org/show_bug.cgi?id=26768

- https://bugs.openldap.org/show_bug.cgi?id=9370

- https://lists.debian.org/debian-security-announce/2020/msg00189.html

- https://www.cve.org/CVERecord?id=CVE-2020-25692

Topics%20covered

Topics Covered

security advisory remote exploit OpenLDAP dos attack daemon crash Mageia normalization issue

Resolution

SRPMS

- 7/core/openldap-2.4.50-1.2.mga7

Publication date: 10 Nov 2020
URL: https://advisories.mageia.org/MGASA-2020-0407.html
Type: security
CVE: CVE-2020-25692

Topics%20covered

Topics Covered

security advisory remote exploit OpenLDAP dos attack daemon crash Mageia normalization issue

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here