Date: Thu, 5 Feb 2015 21:51:22 -0800 From: Ryan Tandy <ryan@...dis.ca> To: oss-security@...ts.openwall.com Cc: pkg-openldap-devel@...ts.alioth.debian.org, security@...ian.org Subject: CVE request: two OpenLDAP DoS issues Hi, OpenLDAP slapd has two bugs that allow a remote unauthenticated client to crash the LDAP server. The deref overlay in slapd 2.4.13 through 2.4.40 dereferences a NULL pointer when a search request includes the Deref control with an empty list of attributes to return (missing input validation). Fix: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=c32e74763f77675b9e144126e375977ed6dc562c References: http://www.openldap.org/its/?findid=8027 http://bugs.debian.org/776988 Certain search queries including the Matched Values control can trigger a double free in slapd 2.4.40 when freeing operation controls. This is a regression in 2.4.40, no earlier releases are affected. Fix: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=2f1a2dd329b91afe561cd06b872d09630d4edb6a References: http://www.openldap.org/its/?findid=8046 http://bugs.debian.org/776991 May we have CVEs assigned to these, please? thanks, Ryan Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.