oss-sec mailing list archives
Re: CVE request: two OpenLDAP DoS issues
From: cve-assign () mitre org
Date: Sat, 7 Feb 2015 07:39:59 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
OpenLDAP slapd has two bugs that allow a remote unauthenticated client to crash the LDAP server. The deref overlay in slapd 2.4.13 through 2.4.40 dereferences a NULL pointer when a search request includes the Deref control with an empty list of attributes to return (missing input validation). http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=c32e74763f77675b9e144126e375977ed6dc562c http://www.openldap.org/its/?findid=8027 http://bugs.debian.org/776988
Use CVE-2015-1545.
Certain search queries including the Matched Values control can trigger a double free in slapd 2.4.40 when freeing operation controls. This is a regression in 2.4.40, no earlier releases are affected. http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=2f1a2dd329b91afe561cd06b872d09630d4edb6a http://www.openldap.org/its/?findid=8046 http://bugs.debian.org/776991
Use CVE-2015-1546. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJU1gclAAoJEKllVAevmvms8AMIAIG/qdU+6kjgw2l8oZCHUYJo 2UGU/fZ0qAJK9w3pVfxdllmgc+ZtWmQz1Yz7Hb24+EShFakbFrHbyjFaGlPF3O7F FcCyAv05C4Um4bM5Qs1joXdaZ2E/ZgCDmLoF5+13Y6f3ZfXTZFgPgrCZKbctjXaq TnnNYV5OuU+m0AzWlcT/IMy2FmvzbS6atBhQupJdCr3X5jBTDsfRiJflA+l2HAB5 PTh23/YhN+g/HLWzJ10jSgIAoi9hC5h+0pu/u0dzLSFWRr7HNVLfOIOsjpUsi+mR ulm3fU6fJj3TzqMGnNhdLGSjDbegpTkKwg2Izzx6VdGAmLLndaUbLmAQeUuG47I= =enpu -----END PGP SIGNATURE-----
Current thread:
- CVE request: two OpenLDAP DoS issues Ryan Tandy (Feb 05)
- Re: CVE request: two OpenLDAP DoS issues cve-assign (Feb 07)