[Pkg-openldap-devel] Bug#448644: CVE-2007-5708 remote denial of service

[Nico Golde]

Package: slapd
Version: 2.3.38
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for slapd.

CVE-2007-5708[0]:
Name: CVE-2007-5708
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5708
Reference: MISC:http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5163
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440632
Reference: MLIST:[openldap-announce] 20071026 OpenLDAP 2.3.39 available
Reference: URL:http://www.openldap.org/lists/openldap-announce/200710/msg00001.html
Reference: BID:26245
Reference: URL:http://www.securityfocus.com/bid/26245
Reference: FRSIRT:ADV-2007-3645
Reference: URL:http://www.frsirt.com/english/advisories/2007/3645
Reference: SECUNIA:27424
Reference: URL:http://secunia.com/advisories/27424

slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39,
when running as a proxy-caching server, allocates memory using a
malloc variant instead of calloc, which prevents an array from being
initiialized properly and might allow attackers to cause a denial of
service (segmentation fault) via unknown vectors that prevent the
array from being null terminated.

This information is not yet on the mitre site but it seems to be public.
A fix for this can be found on:
http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/overlays/pcache.c.diff?r1=1.41.2.20&r2=1.41.2.21&hideattic=1&sortbydate=0

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-openldap-devel/attachments/20071030/3d7e013e/attachment.pgp