Ubuntu: OpenLDAP vulnerability
Posted by Benjamin D. Thomas   
Cameron Hotchkies discovered that OpenLDAP did not correctly handle certain ASN.1 BER data. A remote attacker could send a specially crafted packet and crash slapd, leading to a denial of service.
Ubuntu Security Notice USN-634-1            August 01, 2008
openldap2.2, openldap2.3 vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  slapd                           2.2.26-5ubuntu2.8

Ubuntu 7.04:
  slapd                           2.3.30-2ubuntu0.3

Ubuntu 7.10:
  slapd                           2.3.35-1ubuntu0.3

Ubuntu 8.04 LTS:
  slapd                           2.4.9-0ubuntu0.8.04.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Cameron Hotchkies discovered that OpenLDAP did not correctly handle
certain ASN.1 BER data.  A remote attacker could send a specially crafted
packet and crash slapd, leading to a denial of service.

Updated packages for Ubuntu 6.06 LTS:


Updated packages for Ubuntu 7.04:


Updated packages for Ubuntu 7.10:


Updated packages for Ubuntu 8.04 LTS:

