tags 465933 confirmed upstream
severity 465933 important
thanks

On Fri, Feb 15, 2008 at 02:30:42PM +0100, Nico Golde wrote:
> Package: slapd
> Version: 2.3.39-1
> Severity: grave
> Tags: security patch
>
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for slapd.
>
> CVE-2008-0658[0]:
> | slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP
> | 2.3.39 allows remote authenticated users to cause a denial of service
> | (daemon crash) via a modrdn operation with a NOOP
> | (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698.
>
> If you fix this vulnerability please also include the CVE id
> in your changelog entry.
>
> You can find a patch for this on:
> http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-bdb/modrdn.c.diff?r1=1.197&r2=1.198&f=h

For the record, this patch is not present in 2.4.7, so testing and unstable
appear to also be vulnerable.

Downgrading the severity though, in keeping with the Debian security team's
policy on DoS bugs. If there's any evidence that this bug is exploitable as
a privilege escalation vector, the severity should of course be raised
again.

--
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
[EMAIL PROTECTED]                                   [EMAIL PROTECTED]