Ubuntu: OpenLDAP vulnerabilities

    Date: 05 Mar 2008
    Category: Ubuntu
    Posted By: LinuxSecurity Advisories
    Jonathan Clarke discovered that the OpenLDAP slapd server did not properly handle modify requests when using the Berkeley DB backend and the NOOP control was used. An authenticated user with modify permissions could send a crafted modify request and cause a denial of service via application crash. Ubuntu 7.10 is not affected by this issue. (CVE-2007-6698)
    =========================================================== 
    Ubuntu Security Notice USN-584-1             March 05, 2008
    openldap2.2, openldap2.3 vulnerabilities
    CVE-2007-6698, CVE-2008-0658
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 6.06 LTS
    Ubuntu 6.10
    Ubuntu 7.04
    Ubuntu 7.10
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 6.06 LTS:
      slapd                           2.2.26-5ubuntu2.6
    
    Ubuntu 6.10:
      slapd                           2.2.26-5ubuntu3.3
    
    Ubuntu 7.04:
      slapd                           2.3.30-2ubuntu0.2
    
    Ubuntu 7.10:
      slapd                           2.3.35-1ubuntu0.2
    
    In general, a standard system upgrade is sufficient to effect the
    necessary changes.
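
A way to confirm that a host carries the fixed slapd build for its release, using the versions listed above. This is an added example, not part of the Ubuntu notice; the function names are hypothetical, and the `sort -V` fallback only approximates Debian version ordering on machines without `dpkg`.

```shell
#!/bin/sh
# Added example: compare an installed slapd version against the fixed
# version that USN-584-1 lists for each Ubuntu release.

# fixed_version RELEASE: print the fixed slapd version from the notice.
fixed_version() {
    case "$1" in
        6.06) echo "2.2.26-5ubuntu2.6" ;;
        6.10) echo "2.2.26-5ubuntu3.3" ;;
        7.04) echo "2.3.30-2ubuntu0.2" ;;
        7.10) echo "2.3.35-1ubuntu0.2" ;;
        *)    return 1 ;;   # release not covered by this notice
    esac
}

# version_ge A B: succeed when version A is greater than or equal to B.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        # Authoritative Debian version comparison.
        dpkg --compare-versions "$1" ge "$2"
    else
        # Assumption: GNU sort -V is close enough for these version strings.
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
    fi
}

# check_slapd RELEASE INSTALLED: print patched, vulnerable or unknown-release.
check_slapd() {
    fixed=$(fixed_version "$1") || { echo "unknown-release"; return 2; }
    if version_ge "$2" "$fixed"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# On a live host (not run here):
#   check_slapd "$(lsb_release -rs)" "$(dpkg-query -W -f='${Version}' slapd)"
```

A `vulnerable` result means the standard system upgrade described above has not yet been applied to slapd on that host.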
    
    Details follow:
    
    Jonathan Clarke discovered that the OpenLDAP slapd server did not
    properly handle modify requests when using the Berkeley DB backend
    and the NOOP control was used. An authenticated user with modify
    permissions could send a crafted modify request and cause a denial
    of service via application crash. Ubuntu 7.10 is not affected by
    this issue. (CVE-2007-6698)
    
    Ralf Haferkamp discovered that the OpenLDAP slapd server did not
    properly handle modrdn requests when using the Berkeley DB backend
    and the NOOP control was used. An authenticated user with modrdn
    permissions could send a crafted modrdn request and possibly cause a
    denial of service via application crash. (CVE-2007-6698)
    
    