6.06 LTS: CVE-2007-6698, CVE-2008-0658

Bug #197077 reported by xormar
254
Affects Status Importance Assigned to Milestone
openldap2.2 (Ubuntu)
Fix Released
Medium
Martin Pitt
Dapper
Fix Released
Undecided
Jamie Strandboge
Edgy
Fix Released
Undecided
Jamie Strandboge
Feisty
Fix Released
Medium
Emanuele Gentili
Gutsy
Fix Released
Medium
Emanuele Gentili
Hardy
Fix Released
Medium
Martin Pitt

Bug Description

From all I've read, CVE-2007-6698, CVE-2008-0658 have not yet been adressed in dapper 6.06 LTS or elsewhere in ubuntu (package's changelog notes nothing).

CVE-2007-6698:
The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability.

CVE-2008-0658:
slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698.

Revision history for this message
Emanuele Gentili (emgent) wrote :

CVE-2007-6698 seems already fixed in gutsy.

Revision history for this message
Emanuele Gentili (emgent) wrote :

+openldap2.3 (2.3.35-1ubuntu0.2) gutsy-security; urgency=low
+
+ * SECURITY UPDATE:
+ + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077)
+ slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39
+ allows remote authenticated users to cause a denial of service (daemon crash)
+ via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related
+ issue to CVE-2007-6698.
+
+ * References
+ - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0658
+ - http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358
+
+ -- Emanuele Gentili <email address hidden> Sun, 02 Mar 2008 15:20:13 +0100

Revision history for this message
xormar (public-wernig) wrote :

I didn't find any reference to CVE-2007-6698 in gutsy.
Is this also going into dapper LTS?

Revision history for this message
Emanuele Gentili (emgent) wrote :
Revision history for this message
Emanuele Gentili (emgent) wrote :

For gutsy, CVE-2007-6698 was patched. in dapper i will see.
http://www.openldap.org/lists/openldap-bugs/200704/msg00067.html

Changed in openldap2.2:
importance: Undecided → Medium
status: New → In Progress
Revision history for this message
Emanuele Gentili (emgent) wrote :

feisty <= are vulnerable to CVE 2007-6698 and CVE 2008-0658, i will release all fix.
Thanks for your help xormar.

Revision history for this message
Martin Pitt (pitti) wrote :

Taking for sponsoring, thanks Emanuele!

Changed in openldap2.2:
assignee: nobody → pitti
Changed in openldap2.2:
assignee: nobody → emgent
importance: Undecided → Medium
status: New → In Progress
assignee: nobody → emgent
importance: Undecided → Medium
status: New → In Progress
Revision history for this message
Emanuele Gentili (emgent) wrote :
Changed in openldap2.2:
assignee: nobody → jamie-strandboge
assignee: nobody → jamie-strandboge
Changed in openldap2.2:
status: New → In Progress
status: New → In Progress
Changed in openldap2.2:
status: In Progress → Fix Committed
status: In Progress → Fix Committed
status: In Progress → Fix Committed
status: In Progress → Fix Committed
Revision history for this message
Jamie Strandboge (jdstrand) wrote :
Changed in openldap2.2:
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

openldap2.3 (2.4.7-6ubuntu1) hardy; urgency=low

  * Merge from Debian unstable, remaining changes:
    + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077)
      slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39
      allows remote authenticated users to cause a denial of service (daemon
      crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION)
      control, a related issue to CVE-2007-6698.
    + debian/apparmor-profile: add AppArmor profile
    + debian/slapd.postinst: Reload AA profile on configuration
    + updated debian/slapd.README.Debian for note on AppArmor
    + debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we
      should now take control
    + debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
      to make sure that if earlier version of apparmor-profiles gets
      installed it won't overwrite our profile
    + Modify Maintainer value to match the DebianMaintainerField
      specification.

 -- Steve Langasek <email address hidden> Tue, 04 Mar 2008 01:59:51 +0000

Changed in openldap2.2:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.