LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: September 26th, 2014
Linux Security Week: September 22nd, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: OpenLDAP vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu Evgeny Legerov discovered that the OpenLDAP libraries did not correctly truncate authcid names. This situation would trigger an assert and abort the program using the libraries. A remote attacker could send specially crafted bind requests that would lead to an LDAP server denial of service.
=========================================================== 
Ubuntu Security Notice USN-384-1          November 20, 2006
openldap2.2 vulnerability
CVE-2006-5779
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  libldap-2.2-7                            2.2.26-3ubuntu0.2

Ubuntu 6.06 LTS:
  libldap-2.2-7                            2.2.26-5ubuntu2.2

Ubuntu 6.10:
  libldap-2.2-7                            2.2.26-5ubuntu3.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Evgeny Legerov discovered that the OpenLDAP libraries did not correctly 
truncate authcid names.  This situation would trigger an assert and 
abort the program using the libraries.  A remote attacker could send 
specially crafted bind requests that would lead to an LDAP server denial 
of service.


Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26-3ubuntu0.2.diff.gz
      Size/MD5:   496193 6489142e8aebaf700dffa4436ceb9125
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26-3ubuntu0.2.dsc
      Size/MD5:     1020 3107bd4e8185872a1187a44f68e4a79d
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26.orig.tar.gz
      Size/MD5:  2626629 afc8700b5738da863b30208e1d3e9de8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-3ubuntu0.2_amd64.deb
      Size/MD5:   129942 685ed6da8a0029168dc2ab2b08482fa1
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-3ubuntu0.2_amd64.deb
      Size/MD5:   164344 58ac93b154a048605e26add2bb8788d6
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-3ubuntu0.2_amd64.deb
      Size/MD5:   954654 4a11e525c79e58a6e072533d41807282

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-3ubuntu0.2_i386.deb
      Size/MD5:   118314 48a1edbf81bfe84f5624fa566f223d47
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-3ubuntu0.2_i386.deb
      Size/MD5:   144906 962b8dac7f92023d592e2f4a9b669d7c
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-3ubuntu0.2_i386.deb
      Size/MD5:   866154 225472af1108f1d3f45fdea57d741e85

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-3ubuntu0.2_powerpc.deb
      Size/MD5:   132484 5235d7945b6c22d2ca88626740469a11
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-3ubuntu0.2_powerpc.deb
      Size/MD5:   155616 824f6ea3cd03452e51fd1dff00d144cf
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-3ubuntu0.2_powerpc.deb
      Size/MD5:   955014 028d4dda659565b4d144133b10782a82

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-3ubuntu0.2_sparc.deb
      Size/MD5:   121514 1c5ea82fa78e27158bd4bd648e9f3aab
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-3ubuntu0.2_sparc.deb
      Size/MD5:   147724 41cf3ee9648b4741e1ae733cb85303a6
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-3ubuntu0.2_sparc.deb
      Size/MD5:   899702 b8cbea7f0e01bbd6cbe3784749b10ae2

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26-5ubuntu2.2.diff.gz
      Size/MD5:   514824 dae9d9d370900acd3e68236fcba338ef
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26-5ubuntu2.2.dsc
      Size/MD5:     1020 da008958f1f1be6034d066992994d72f
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26.orig.tar.gz
      Size/MD5:  2626629 afc8700b5738da863b30208e1d3e9de8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.2_amd64.deb
      Size/MD5:   130302 6c4f872550fd66571d941b95932f1d94
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.2_amd64.deb
      Size/MD5:   165690 fc2a688286ab9018b7628f4578d66749
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.2_amd64.deb
      Size/MD5:   960970 e6a4ec6260464029de2f5c59e46b8aaf

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.2_i386.deb
      Size/MD5:   118204 d0113a49754b5532f4264a1faeddc898
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.2_i386.deb
      Size/MD5:   145812 6ac3d23280dd1629db869f7e87205116
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.2_i386.deb
      Size/MD5:   872652 9a227353c8514d06dcb9df71cefa021c

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.2_powerpc.deb
      Size/MD5:   132464 603817c7369c434c3431a0f45d3b6d2b
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.2_powerpc.deb
      Size/MD5:   156868 04b61ffefee75cb253a372045ad31050
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.2_powerpc.deb
      Size/MD5:   959120 767ac6ba7a6eb7dadb52f1580f3368a4

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.2_sparc.deb
      Size/MD5:   120504 4611cecc11a7879215a82a38acfe7594
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.2_sparc.deb
      Size/MD5:   147902 7b701282672f73d674ab7cdcde295fb4
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.2_sparc.deb
      Size/MD5:   903148 2560661995f6456daadf0e98ea02836a

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26-5ubuntu3.1.diff.gz
      Size/MD5:   515887 51a03d1a45addff349d4964037814c9a
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26-5ubuntu3.1.dsc
      Size/MD5:     1020 104953f3f263c3ff6bf651016cca24c2
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26.orig.tar.gz
      Size/MD5:  2626629 afc8700b5738da863b30208e1d3e9de8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu3.1_amd64.deb
      Size/MD5:   130482 fee83cf01bfcf3583fb7ffa6b117d45b
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu3.1_amd64.deb
      Size/MD5:   166454 cf19d7c93cf4afdb2fd756956daf4b83
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu3.1_amd64.deb
      Size/MD5:   958026 a919760c1dc0be71ddd314754b5865e2

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu3.1_i386.deb
      Size/MD5:   121144 f47e0228d4a170ba5e236dfa24afc580
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu3.1_i386.deb
      Size/MD5:   152264 7bc5ea6a0f004ae55a5dec8b6c6dd8a8
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu3.1_i386.deb
      Size/MD5:   900510 b1934c1394cf87178f8b0227db25b437

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu3.1_powerpc.deb
      Size/MD5:   133466 e97fca30cc4feebbf18d285b7b3768e1
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu3.1_powerpc.deb
      Size/MD5:   158622 5628aff8386cdc0742c9710ce9acffdd
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu3.1_powerpc.deb
      Size/MD5:   966308 f39802aa3659d09235cfbfb0e7b2cab6

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu3.1_sparc.deb
      Size/MD5:   121394 81f4607e8c8b83f1fc7afd4b44c6877f
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu3.1_sparc.deb
      Size/MD5:   149082 df8842ea271eeb27726aa18f7bc26991
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu3.1_sparc.deb
      Size/MD5:   909040 a48d742f3613721a650d98703503006c


--+ts6NCQ4mrNQIV8p
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFFYkx9H/9LqRcGPm0RAslQAJ0YheyAMRlOaazDjvDOnD0jbZJc9ACfW5s/
HxshSD9+bkSPswWeRuhDmzk=IfyZ
-----END PGP SIGNATURE-----

--+ts6NCQ4mrNQIV8p--


--==============96820142=Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--==============96820142==--
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.