CVE-2011-4079: Denial of Service through off-by-one

Related Vulnerabilities: CVE-2011-4079  

Debian Bug report logs - #647610

Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>

Date: Fri, 4 Nov 2011 14:39:02 UTC

Severity: grave

Tags: security

Fixed in version openldap/2.4.28-1

Done: Steve Langasek <vorlon@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>:
Bug#647610; Package openldap. (Fri, 04 Nov 2011 14:39:05 GMT)


Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>. (Fri, 04 Nov 2011 14:39:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <muehlenhoff@univention.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2011-4079: Denial of Service through off-by-one
Date: Fri, 04 Nov 2011 15:34:44 +0100
Package: openldap
Severity: grave
Tags: security

Please see  https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4079
for more information and links to patches.

Cheers,
        Moritz




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>:
Bug#647610; Package openldap. (Wed, 16 Nov 2011 09:48:03 GMT)


Acknowledgement sent to Petter Reinholdtsen <pere@hungry.com>:
Extra info received and forwarded to list. Copy sent to Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>. (Wed, 16 Nov 2011 09:48:13 GMT)


Message #10 received at 647610@bugs.debian.org:

From: Petter Reinholdtsen <pere@hungry.com>
To: 647610@bugs.debian.org
Subject: Re: CVE-2011-4079: Denial of Service through off-by-one
Date: Wed, 16 Nov 2011 10:45:33 +0100

I found these comments from Ramon de C Valle in the RedHat bugzilla

(2011-10-28 11:21:16 EDT)

  Doug Lea's Malloc stores chunks whose size is smaller than 512 bytes
  in one of the small bins, which holds identically sized chunks. The
  size of a chunk is always a multiple of 8 bytes, and the first small
  bin holds 16 bytes chunks.  Since the minimum allocated size is 16
  bytes, it seems no data that can result in application crash can be
  overwritten as a result of this.

(2011-11-15 11:30:35 EST)

  The Red Hat Security Response Team does not consider this to be a
  security issue. For additional information, refer to:
  https://bugzilla.redhat.com/show_bug.cgi?id=749324#c1.

I believe this indicates that when the function is working on memory
blocks from the heap, there will always be spare room and no overwriting
will take place.  That leaves on-stack space, which I guess is rarely
used for random UTF-8 strings.

Perhaps this issue isn't really a security problem and the severity
should be reduced?
-- 
Happy hacking
Petter Reinholdtsen
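
The rounding argument in the quoted Bugzilla comment can be worked through with a small model of chunk sizing. This is an added example, not code from the thread, Red Hat or OpenLDAP; it uses the comment's 8-byte granularity and 16-byte minimum chunk, and assumes a 4-byte in-use chunk header as in dlmalloc's classic 32-bit layout. The names `heap_model`, `chunk_size`, `slack` and `overrun_is_absorbed` are illustrative.

```c
#include <stddef.h>
#include <stdio.h>

/* Allocator parameters. The 32-bit values match the figures in the quoted
 * comment (8-byte granularity, 16-byte minimum chunk); the 4-byte in-use
 * header is an assumption taken from dlmalloc's classic 32-bit layout. */
struct heap_model {
    size_t header;    /* bytes of chunk header in front of user data */
    size_t align;     /* chunk sizes are multiples of this */
    size_t min_chunk; /* smallest chunk the allocator hands out */
};

static const struct heap_model DL32 = { 4, 8, 16 };

/* Chunk size the allocator picks for a request of `req` bytes. */
size_t chunk_size(const struct heap_model *m, size_t req)
{
    size_t need = (req + m->header + m->align - 1) & ~(m->align - 1);
    return need < m->min_chunk ? m->min_chunk : need;
}

/* Bytes past the request that still belong to the same chunk. */
size_t slack(const struct heap_model *m, size_t req)
{
    return chunk_size(m, req) - m->header - req;
}

/* 1 if a write of `over` bytes past the end of a `req`-byte buffer stays
 * inside the chunk's own padding, 0 if it reaches the neighbouring chunk. */
int overrun_is_absorbed(const struct heap_model *m, size_t req, size_t over)
{
    return over <= slack(m, req);
}

int main(void)
{
    /* Print the model's verdict for a range of small request sizes. */
    for (size_t req = 1; req <= 24; req++)
        printf("req=%2zu chunk=%2zu slack=%2zu one-byte overrun %s\n",
               req, chunk_size(&DL32, req), slack(&DL32, req),
               overrun_is_absorbed(&DL32, req, 1) ? "absorbed" : "leaves chunk");
    return 0;
}
```

Under these assumptions a 1-byte request leaves 11 bytes of padding while a 12-byte request leaves none, so the padding argument depends on the size of the buffer being allocated.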




Added tag(s) pending. Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. (Thu, 05 Jan 2012 06:09:03 GMT)


Reply sent to Steve Langasek <vorlon@debian.org>:
You have taken responsibility. (Thu, 05 Jan 2012 17:36:20 GMT)


Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer. (Thu, 05 Jan 2012 17:36:20 GMT)


Message #17 received at 647610-close@bugs.debian.org:

From: Steve Langasek <vorlon@debian.org>
To: 647610-close@bugs.debian.org
Subject: Bug#647610: fixed in openldap 2.4.28-1
Date: Thu, 05 Jan 2012 17:33:13 +0000
Source: openldap
Source-Version: 2.4.28-1

We believe that the bug you reported is fixed in the latest version of
openldap, which is due to be installed in the Debian FTP archive:

ldap-utils_2.4.28-1_amd64.deb
  to main/o/openldap/ldap-utils_2.4.28-1_amd64.deb
libldap-2.4-2-dbg_2.4.28-1_amd64.deb
  to main/o/openldap/libldap-2.4-2-dbg_2.4.28-1_amd64.deb
libldap-2.4-2_2.4.28-1_amd64.deb
  to main/o/openldap/libldap-2.4-2_2.4.28-1_amd64.deb
libldap2-dev_2.4.28-1_amd64.deb
  to main/o/openldap/libldap2-dev_2.4.28-1_amd64.deb
openldap_2.4.28-1.diff.gz
  to main/o/openldap/openldap_2.4.28-1.diff.gz
openldap_2.4.28-1.dsc
  to main/o/openldap/openldap_2.4.28-1.dsc
openldap_2.4.28.orig.tar.gz
  to main/o/openldap/openldap_2.4.28.orig.tar.gz
slapd-dbg_2.4.28-1_amd64.deb
  to main/o/openldap/slapd-dbg_2.4.28-1_amd64.deb
slapd-smbk5pwd_2.4.28-1_amd64.deb
  to main/o/openldap/slapd-smbk5pwd_2.4.28-1_amd64.deb
slapd_2.4.28-1_amd64.deb
  to main/o/openldap/slapd_2.4.28-1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 647610@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steve Langasek <vorlon@debian.org> (supplier of updated openldap package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Thu, 05 Jan 2012 06:07:11 +0000
Source: openldap
Binary: slapd slapd-smbk5pwd ldap-utils libldap-2.4-2 libldap-2.4-2-dbg libldap2-dev slapd-dbg
Architecture: source amd64
Version: 2.4.28-1
Distribution: unstable
Urgency: low
Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
Changed-By: Steve Langasek <vorlon@debian.org>
Description: 
 ldap-utils - OpenLDAP utilities
 libldap-2.4-2 - OpenLDAP libraries
 libldap-2.4-2-dbg - Debugging information for OpenLDAP libraries
 libldap2-dev - OpenLDAP development libraries
 slapd      - OpenLDAP server (slapd)
 slapd-dbg  - Debugging information for the OpenLDAP server (slapd)
 slapd-smbk5pwd - Keeps Samba and Kerberos passwords in sync within slapd.
Closes: 608815 635931 644985 647610 651333 651400 651598
Changes: 
 openldap (2.4.28-1) unstable; urgency=low
 .
   * New upstream release.
     - Fixes CVE-2011-4079.  Closes: #647610.
     - Fixes support for proxy authorization with SASL-GSSAPI.
       Closes: #608815.
     - Drop patch service-operational-before-detach, which came from upstream.
     - Drop patch fix-its6898-locking-issue, included upstream.
     - Refresh other patches as needed.
   * debian/slapd.scripts-common: quote the argument to slappasswd, to cope
     with shell characters in the string.  Thanks to Nicolai Ehemann
     <en@englightened.de> for the patch.  Closes: #635931.
   * Install ldif.h in libldap2-dev, now that it's been blessed upstream.
     Closes: #644985.
   * debian/patches/no-bdb-ABI-second-guessing: don't force an exact match on
     the upstream version of libdb; this is redundant with our packaging
     system, and causes spurious errors when there's a non-ABI-breaking
     BDB upstream release.  Closes: #651333.
   * Build-conflict with the ancient autoconf2.13, which is incompatible with
     dh-autoreconf.  (Maybe dh-autoreconf itself should conflict with it?)
     Closes: #651598.
 .
   [ Updated debconf translations ]
   * Dutch, thanks to Jeroen Schot <schot@A-Eskwadraat.nl>.  Closes: #651400.





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 03 Feb 2012 07:30:09 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:47:24 2019; Machine Name: buxtehude
