LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: September 19th, 2014
Linux Security Week: September 15th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
RedHat: Moderate: openldap security and enhancement Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
RedHat Linux Updated openldap packages that fix a security flaw are now available for Red Hat Enterprise Linux 4. A flaw was found in the way OpenLDAP's slapd daemon handled malformed objectClasses LDAP attributes. An authenticated local or remote attacker could create an LDAP request which could cause a denial of service by crashing slapd. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: openldap security and enhancement update
Advisory ID:       RHSA-2007:1038-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-1038.html
Issue date:        2007-11-15
Updated on:        2007-11-15
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-5707 
- ---------------------------------------------------------------------

1. Summary:

Updated openldap packages that fix a security flaw are now available for
Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
Protocol) applications and development tools.

A flaw was found in the way OpenLDAP's slapd daemon handled malformed
objectClasses LDAP attributes.  An authenticated local or remote attacker
could create an LDAP request which could cause a denial of service by
crashing slapd. (CVE-2007-5707)

In addition, the following feature was added:
* OpenLDAP client tools now have new option to configure their bind timeout.

All users are advised to upgrade to these updated openldap packages, which
contain a backported patch to correct this issue and provide this security
enhancement.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

359851 - CVE-2007-5707 openldap slapd DoS via objectClasses attribute

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openldap-2.2.13-8.el4_6.1.src.rpm
d83f67fe727e11d6cf1160b024b1f9a2  openldap-2.2.13-8.el4_6.1.src.rpm

i386:
b2c433fe08be943cb34d7ae75d29f022  compat-openldap-2.1.30-8.el4_6.1.i386.rpm
6ddb8c954ba2f85aa11850541d09f2f1  openldap-2.2.13-8.el4_6.1.i386.rpm
219c613cf348abaaebc4c4f9f018ed9d  openldap-clients-2.2.13-8.el4_6.1.i386.rpm
3a5d6b07337958bdfdf7528abcd0ffb2  openldap-debuginfo-2.2.13-8.el4_6.1.i386.rpm
7f40d96252d441fe7614a9beef25e0af  openldap-devel-2.2.13-8.el4_6.1.i386.rpm
4c19ad7c8b3adc537463852e1eba0233  openldap-servers-2.2.13-8.el4_6.1.i386.rpm
66e950a723214043bbe5b214b6bae217  openldap-servers-sql-2.2.13-8.el4_6.1.i386.rpm

ia64:
b2c433fe08be943cb34d7ae75d29f022  compat-openldap-2.1.30-8.el4_6.1.i386.rpm
6b8aaa38dfbca517ebc8c2eeab072225  compat-openldap-2.1.30-8.el4_6.1.ia64.rpm
6ddb8c954ba2f85aa11850541d09f2f1  openldap-2.2.13-8.el4_6.1.i386.rpm
e48a6a25b291ebe73a1e500a51d5752c  openldap-2.2.13-8.el4_6.1.ia64.rpm
42ab2e4a1af25c108f86b231af51321d  openldap-clients-2.2.13-8.el4_6.1.ia64.rpm
3a5d6b07337958bdfdf7528abcd0ffb2  openldap-debuginfo-2.2.13-8.el4_6.1.i386.rpm
f016210f44503358b516cca1e9602042  openldap-debuginfo-2.2.13-8.el4_6.1.ia64.rpm
ebdf2edb9e264227f5877905afef97ee  openldap-devel-2.2.13-8.el4_6.1.ia64.rpm
817e4e1f9963c90506ec40817cb9a311  openldap-servers-2.2.13-8.el4_6.1.ia64.rpm
3a85b2d97f872c32929a36379b09ac65  openldap-servers-sql-2.2.13-8.el4_6.1.ia64.rpm

ppc:
15008c36556193ddd7107d59f319f706  compat-openldap-2.1.30-8.el4_6.1.ppc.rpm
0934b07a1e5daef1715a5905fb3298ff  compat-openldap-2.1.30-8.el4_6.1.ppc64.rpm
8ea26adb6a6c9c8d993f69d06e0c13b8  openldap-2.2.13-8.el4_6.1.ppc.rpm
dc6666f0c29108215a50e3042ec3f1f6  openldap-2.2.13-8.el4_6.1.ppc64.rpm
63be6242af95535f973448e04be6001c  openldap-clients-2.2.13-8.el4_6.1.ppc.rpm
7f3c6b841561748c440c9d5594ab10bb  openldap-debuginfo-2.2.13-8.el4_6.1.ppc.rpm
d70cd5cb7911fc0fef4c2ec82e450c11  openldap-debuginfo-2.2.13-8.el4_6.1.ppc64.rpm
62ed6b0c6972a93067b0ae7b5050fde1  openldap-devel-2.2.13-8.el4_6.1.ppc.rpm
addded6b3675c6fbd1fff79de7c9fd7a  openldap-servers-2.2.13-8.el4_6.1.ppc.rpm
86611366034b049e10e31120f23071ea  openldap-servers-sql-2.2.13-8.el4_6.1.ppc.rpm

s390:
d10bae9f186810046b7c1f303d2b5275  compat-openldap-2.1.30-8.el4_6.1.s390.rpm
f6a5eb8f946114440c247a61ff3d39ad  openldap-2.2.13-8.el4_6.1.s390.rpm
19cd9d96abfaf4ae90c7c5c56d1963c5  openldap-clients-2.2.13-8.el4_6.1.s390.rpm
9e2f2f3537e2a78814cdbf681e4276c3  openldap-debuginfo-2.2.13-8.el4_6.1.s390.rpm
9cf8b1ccb6fcd9d15ff6bc204f06b4dc  openldap-devel-2.2.13-8.el4_6.1.s390.rpm
f25b8d09c7d36275569c1bd00d23d220  openldap-servers-2.2.13-8.el4_6.1.s390.rpm
349d84c877e0f870fa98e9830fc67454  openldap-servers-sql-2.2.13-8.el4_6.1.s390.rpm

s390x:
d10bae9f186810046b7c1f303d2b5275  compat-openldap-2.1.30-8.el4_6.1.s390.rpm
70801a51bef304886178af6806f9dbcb  compat-openldap-2.1.30-8.el4_6.1.s390x.rpm
f6a5eb8f946114440c247a61ff3d39ad  openldap-2.2.13-8.el4_6.1.s390.rpm
c7359a128c0d74e49a063578606bdaa8  openldap-2.2.13-8.el4_6.1.s390x.rpm
f9b40d30955a1db4f70e6b2cce3ac577  openldap-clients-2.2.13-8.el4_6.1.s390x.rpm
9e2f2f3537e2a78814cdbf681e4276c3  openldap-debuginfo-2.2.13-8.el4_6.1.s390.rpm
36e98eb7d5f13afb6efe38f3f1f13bba  openldap-debuginfo-2.2.13-8.el4_6.1.s390x.rpm
c82e16b66ac226d5263d7d1b7a5f57a8  openldap-devel-2.2.13-8.el4_6.1.s390x.rpm
4b5f38cbdec79291593221a66125e45e  openldap-servers-2.2.13-8.el4_6.1.s390x.rpm
d3c79b08b668917d1156f366c320bce2  openldap-servers-sql-2.2.13-8.el4_6.1.s390x.rpm

x86_64:
b2c433fe08be943cb34d7ae75d29f022  compat-openldap-2.1.30-8.el4_6.1.i386.rpm
a4a32d858eb9289ca447bea8513cfe1d  compat-openldap-2.1.30-8.el4_6.1.x86_64.rpm
6ddb8c954ba2f85aa11850541d09f2f1  openldap-2.2.13-8.el4_6.1.i386.rpm
49aa0f91ab6af3df095e47f5aaafa4b0  openldap-2.2.13-8.el4_6.1.x86_64.rpm
c4dc861ca1240793966e707a8f4a7cd3  openldap-clients-2.2.13-8.el4_6.1.x86_64.rpm
3a5d6b07337958bdfdf7528abcd0ffb2  openldap-debuginfo-2.2.13-8.el4_6.1.i386.rpm
be99b06e1dbeeec8e5259e1385a368c2  openldap-debuginfo-2.2.13-8.el4_6.1.x86_64.rpm
48d7db553ba4c337e776005170b61d80  openldap-devel-2.2.13-8.el4_6.1.x86_64.rpm
59dce9ed46d0f6661fca7c2d1141da35  openldap-servers-2.2.13-8.el4_6.1.x86_64.rpm
6e64d976439bdacd8200ac3a2197c409  openldap-servers-sql-2.2.13-8.el4_6.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openldap-2.2.13-8.el4_6.1.src.rpm
d83f67fe727e11d6cf1160b024b1f9a2  openldap-2.2.13-8.el4_6.1.src.rpm

i386:
b2c433fe08be943cb34d7ae75d29f022  compat-openldap-2.1.30-8.el4_6.1.i386.rpm
6ddb8c954ba2f85aa11850541d09f2f1  openldap-2.2.13-8.el4_6.1.i386.rpm
219c613cf348abaaebc4c4f9f018ed9d  openldap-clients-2.2.13-8.el4_6.1.i386.rpm
3a5d6b07337958bdfdf7528abcd0ffb2  openldap-debuginfo-2.2.13-8.el4_6.1.i386.rpm
7f40d96252d441fe7614a9beef25e0af  openldap-devel-2.2.13-8.el4_6.1.i386.rpm
4c19ad7c8b3adc537463852e1eba0233  openldap-servers-2.2.13-8.el4_6.1.i386.rpm
66e950a723214043bbe5b214b6bae217  openldap-servers-sql-2.2.13-8.el4_6.1.i386.rpm

x86_64:
b2c433fe08be943cb34d7ae75d29f022  compat-openldap-2.1.30-8.el4_6.1.i386.rpm
a4a32d858eb9289ca447bea8513cfe1d  compat-openldap-2.1.30-8.el4_6.1.x86_64.rpm
6ddb8c954ba2f85aa11850541d09f2f1  openldap-2.2.13-8.el4_6.1.i386.rpm
49aa0f91ab6af3df095e47f5aaafa4b0  openldap-2.2.13-8.el4_6.1.x86_64.rpm
c4dc861ca1240793966e707a8f4a7cd3  openldap-clients-2.2.13-8.el4_6.1.x86_64.rpm
3a5d6b07337958bdfdf7528abcd0ffb2  openldap-debuginfo-2.2.13-8.el4_6.1.i386.rpm
be99b06e1dbeeec8e5259e1385a368c2  openldap-debuginfo-2.2.13-8.el4_6.1.x86_64.rpm
48d7db553ba4c337e776005170b61d80  openldap-devel-2.2.13-8.el4_6.1.x86_64.rpm
59dce9ed46d0f6661fca7c2d1141da35  openldap-servers-2.2.13-8.el4_6.1.x86_64.rpm
6e64d976439bdacd8200ac3a2197c409  openldap-servers-sql-2.2.13-8.el4_6.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openldap-2.2.13-8.el4_6.1.src.rpm
d83f67fe727e11d6cf1160b024b1f9a2  openldap-2.2.13-8.el4_6.1.src.rpm

i386:
b2c433fe08be943cb34d7ae75d29f022  compat-openldap-2.1.30-8.el4_6.1.i386.rpm
6ddb8c954ba2f85aa11850541d09f2f1  openldap-2.2.13-8.el4_6.1.i386.rpm
219c613cf348abaaebc4c4f9f018ed9d  openldap-clients-2.2.13-8.el4_6.1.i386.rpm
3a5d6b07337958bdfdf7528abcd0ffb2  openldap-debuginfo-2.2.13-8.el4_6.1.i386.rpm
7f40d96252d441fe7614a9beef25e0af  openldap-devel-2.2.13-8.el4_6.1.i386.rpm
4c19ad7c8b3adc537463852e1eba0233  openldap-servers-2.2.13-8.el4_6.1.i386.rpm
66e950a723214043bbe5b214b6bae217  openldap-servers-sql-2.2.13-8.el4_6.1.i386.rpm

ia64:
b2c433fe08be943cb34d7ae75d29f022  compat-openldap-2.1.30-8.el4_6.1.i386.rpm
6b8aaa38dfbca517ebc8c2eeab072225  compat-openldap-2.1.30-8.el4_6.1.ia64.rpm
6ddb8c954ba2f85aa11850541d09f2f1  openldap-2.2.13-8.el4_6.1.i386.rpm
e48a6a25b291ebe73a1e500a51d5752c  openldap-2.2.13-8.el4_6.1.ia64.rpm
42ab2e4a1af25c108f86b231af51321d  openldap-clients-2.2.13-8.el4_6.1.ia64.rpm
3a5d6b07337958bdfdf7528abcd0ffb2  openldap-debuginfo-2.2.13-8.el4_6.1.i386.rpm
f016210f44503358b516cca1e9602042  openldap-debuginfo-2.2.13-8.el4_6.1.ia64.rpm
ebdf2edb9e264227f5877905afef97ee  openldap-devel-2.2.13-8.el4_6.1.ia64.rpm
817e4e1f9963c90506ec40817cb9a311  openldap-servers-2.2.13-8.el4_6.1.ia64.rpm
3a85b2d97f872c32929a36379b09ac65  openldap-servers-sql-2.2.13-8.el4_6.1.ia64.rpm

x86_64:
b2c433fe08be943cb34d7ae75d29f022  compat-openldap-2.1.30-8.el4_6.1.i386.rpm
a4a32d858eb9289ca447bea8513cfe1d  compat-openldap-2.1.30-8.el4_6.1.x86_64.rpm
6ddb8c954ba2f85aa11850541d09f2f1  openldap-2.2.13-8.el4_6.1.i386.rpm
49aa0f91ab6af3df095e47f5aaafa4b0  openldap-2.2.13-8.el4_6.1.x86_64.rpm
c4dc861ca1240793966e707a8f4a7cd3  openldap-clients-2.2.13-8.el4_6.1.x86_64.rpm
3a5d6b07337958bdfdf7528abcd0ffb2  openldap-debuginfo-2.2.13-8.el4_6.1.i386.rpm
be99b06e1dbeeec8e5259e1385a368c2  openldap-debuginfo-2.2.13-8.el4_6.1.x86_64.rpm
48d7db553ba4c337e776005170b61d80  openldap-devel-2.2.13-8.el4_6.1.x86_64.rpm
59dce9ed46d0f6661fca7c2d1141da35  openldap-servers-2.2.13-8.el4_6.1.x86_64.rpm
6e64d976439bdacd8200ac3a2197c409  openldap-servers-sql-2.2.13-8.el4_6.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openldap-2.2.13-8.el4_6.1.src.rpm
d83f67fe727e11d6cf1160b024b1f9a2  openldap-2.2.13-8.el4_6.1.src.rpm

i386:
b2c433fe08be943cb34d7ae75d29f022  compat-openldap-2.1.30-8.el4_6.1.i386.rpm
6ddb8c954ba2f85aa11850541d09f2f1  openldap-2.2.13-8.el4_6.1.i386.rpm
219c613cf348abaaebc4c4f9f018ed9d  openldap-clients-2.2.13-8.el4_6.1.i386.rpm
3a5d6b07337958bdfdf7528abcd0ffb2  openldap-debuginfo-2.2.13-8.el4_6.1.i386.rpm
7f40d96252d441fe7614a9beef25e0af  openldap-devel-2.2.13-8.el4_6.1.i386.rpm
4c19ad7c8b3adc537463852e1eba0233  openldap-servers-2.2.13-8.el4_6.1.i386.rpm
66e950a723214043bbe5b214b6bae217  openldap-servers-sql-2.2.13-8.el4_6.1.i386.rpm

ia64:
b2c433fe08be943cb34d7ae75d29f022  compat-openldap-2.1.30-8.el4_6.1.i386.rpm
6b8aaa38dfbca517ebc8c2eeab072225  compat-openldap-2.1.30-8.el4_6.1.ia64.rpm
6ddb8c954ba2f85aa11850541d09f2f1  openldap-2.2.13-8.el4_6.1.i386.rpm
e48a6a25b291ebe73a1e500a51d5752c  openldap-2.2.13-8.el4_6.1.ia64.rpm
42ab2e4a1af25c108f86b231af51321d  openldap-clients-2.2.13-8.el4_6.1.ia64.rpm
3a5d6b07337958bdfdf7528abcd0ffb2  openldap-debuginfo-2.2.13-8.el4_6.1.i386.rpm
f016210f44503358b516cca1e9602042  openldap-debuginfo-2.2.13-8.el4_6.1.ia64.rpm
ebdf2edb9e264227f5877905afef97ee  openldap-devel-2.2.13-8.el4_6.1.ia64.rpm
817e4e1f9963c90506ec40817cb9a311  openldap-servers-2.2.13-8.el4_6.1.ia64.rpm
3a85b2d97f872c32929a36379b09ac65  openldap-servers-sql-2.2.13-8.el4_6.1.ia64.rpm

x86_64:
b2c433fe08be943cb34d7ae75d29f022  compat-openldap-2.1.30-8.el4_6.1.i386.rpm
a4a32d858eb9289ca447bea8513cfe1d  compat-openldap-2.1.30-8.el4_6.1.x86_64.rpm
6ddb8c954ba2f85aa11850541d09f2f1  openldap-2.2.13-8.el4_6.1.i386.rpm
49aa0f91ab6af3df095e47f5aaafa4b0  openldap-2.2.13-8.el4_6.1.x86_64.rpm
c4dc861ca1240793966e707a8f4a7cd3  openldap-clients-2.2.13-8.el4_6.1.x86_64.rpm
3a5d6b07337958bdfdf7528abcd0ffb2  openldap-debuginfo-2.2.13-8.el4_6.1.i386.rpm
be99b06e1dbeeec8e5259e1385a368c2  openldap-debuginfo-2.2.13-8.el4_6.1.x86_64.rpm
48d7db553ba4c337e776005170b61d80  openldap-devel-2.2.13-8.el4_6.1.x86_64.rpm
59dce9ed46d0f6661fca7c2d1141da35  openldap-servers-2.2.13-8.el4_6.1.x86_64.rpm
6e64d976439bdacd8200ac3a2197c409  openldap-servers-sql-2.2.13-8.el4_6.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5707
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
Google to turn on encryption by default in next Android version
TOR users become FBI's No.1 hacking target after legal power grab
OWASP Releases Latest App Sec Guide
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.