[Pkg-openldap-devel] Bug#465875: slapd: CVE-2008-0658 denial of service for authenticated users in the BDB backend
Nico Golde
nion at debian.org
Fri Feb 15 13:30:42 UTC 2008
Package: slapd
Version: 2.3.39-1
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for slapd.
CVE-2008-0658[0]:
| slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP
| 2.3.39 allows remote authenticated users to cause a denial of service
| (daemon crash) via a modrdn operation with a NOOP
| (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
You can find a patch for this on:
http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-bdb/modrdn.c.diff?r1=1.197&r2=1.198&f=h
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0658
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-openldap-devel/attachments/20080215/ab69bd21/attachment.pgp
More information about the Pkg-openldap-devel
mailing list