Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 5 Feb 2015 21:51:22 -0800
From: Ryan Tandy <ryan@...dis.ca>
To: oss-security@...ts.openwall.com
Cc: pkg-openldap-devel@...ts.alioth.debian.org, security@...ian.org
Subject: CVE request: two OpenLDAP DoS issues

Hi,

OpenLDAP slapd has two bugs that allow a remote unauthenticated client 
to crash the LDAP server.

The deref overlay in slapd 2.4.13 through 2.4.40 dereferences a NULL 
pointer when a search request includes the Deref control with an empty 
list of attributes to return (missing input validation).

Fix:
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=c32e74763f77675b9e144126e375977ed6dc562c

References:
http://www.openldap.org/its/?findid=8027
http://bugs.debian.org/776988

Certain search queries including the Matched Values control can trigger 
a double free in slapd 2.4.40 when freeing operation controls. This is a 
regression in 2.4.40, no earlier releases are affected.

Fix:
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=2f1a2dd329b91afe561cd06b872d09630d4edb6a

References:
http://www.openldap.org/its/?findid=8046
http://bugs.debian.org/776991

May we have CVEs assigned to these, please?

thanks,
Ryan

Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.