Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

DSA-068-1 openldap -- remote DoS

Related Vulnerabilities: CVE-2001-0977  

The CERT advisory lists a number of vulnerabilities in various LDAP implementations, based on the results of the PROTOS LDAPv3 test suite. These tests found one problem in OpenLDAP, a free LDAP implementation which is shipped as part of Debian GNU/Linux 2.2. The problem is that slapd did not handle packets which had BER fields of invalid length and would crash if it received them. An attacker could use this to mount a remote denial of service attack. This problem has been fixed in version 1.2.12-1, and we recommend that you upgrade your slapd package immediately.

Source

Debian Security Advisory

DSA-068-1 openldap -- remote DoS

Date Reported:
09 Aug 2001
Affected Packages:
openldap
Vulnerable:
Yes
Security database references:
In the Bugtraq database (at SecurityFocus): BugTraq ID 3049.
In Mitre's CVE dictionary: CVE-2001-0977.
CERT's vulnerabilities, advisories and incident notes: CA-2001-18.
More information:
The CERT advisory lists a number of vulnerabilities in various LDAP implementations, based on the results of the PROTOS LDAPv3 test suite. These tests found one problem in OpenLDAP, a free LDAP implementation which is shipped as part of Debian GNU/Linux 2.2.

The problem is that slapd did not handle packets which had BER fields of invalid length and would crash if it received them. An attacker could use this to mount a remote denial of service attack.

This problem has been fixed in version 1.2.12-1, and we recommend that you upgrade your slapd package immediately.

Fixed in:

Debian GNU/Linux 2.2 (potato)

Source:
http://security.debian.org/dists/stable/updates/main/source/openldap_1.2.12-1.dsc
http://security.debian.org/dists/stable/updates/main/source/openldap_1.2.12-1.tar.gz
Architecture-independent component:
http://security.debian.org/dists/stable/updates/main/binary-all/ldap-rfc_1.2.12-1_all.deb
http://security.debian.org/dists/stable/updates/main/binary-all/libopenldap-runtime_1.2.12-1_all.deb
ARM:
http://security.debian.org/dists/stable/updates/main/binary-arm/libopenldap-dev_1.2.12-1_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/libopenldap1_1.2.12-1_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/openldap-gateways_1.2.12-1_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/openldap-utils_1.2.12-1_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/openldapd_1.2.12-1_arm.deb
Alpha:
http://security.debian.org/dists/stable/updates/main/binary-alpha/libopenldap-dev_1.2.12-1_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/libopenldap1_1.2.12-1_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/openldap-gateways_1.2.12-1_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/openldap-utils_1.2.12-1_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/openldapd_1.2.12-1_alpha.deb
Intel IA-32:
http://security.debian.org/dists/stable/updates/main/binary-i386/libopenldap-dev_1.2.12-1_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/libopenldap1_1.2.12-1_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/openldap-gateways_1.2.12-1_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/openldap-utils_1.2.12-1_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/openldapd_1.2.12-1_i386.deb
Motorola 680x0:
http://security.debian.org/dists/stable/updates/main/binary-m68k/libopenldap-dev_1.2.12-1_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/libopenldap1_1.2.12-1_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/openldap-gateways_1.2.12-1_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/openldap-utils_1.2.12-1_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/openldapd_1.2.12-1_m68k.deb
PowerPC:
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libopenldap-dev_1.2.12-1_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libopenldap1_1.2.12-1_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/openldap-gateways_1.2.12-1_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/openldap-utils_1.2.12-1_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/openldapd_1.2.12-1_powerpc.deb
Sun Sparc:
http://security.debian.org/dists/stable/updates/main/binary-sparc/libopenldap-dev_1.2.12-1_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/libopenldap1_1.2.12-1_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/openldap-gateways_1.2.12-1_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/openldap-utils_1.2.12-1_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/openldapd_1.2.12-1_sparc.deb

MD5 checksums of the listed files are available in the original advisory.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started