Debian DSA-1541-1 : openldap2.3 - several vulnerabilities

high Nessus Plugin ID 31811

Synopsis

The remote Debian host is missing a security-related update.

Description

Several remote vulnerabilities have been discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. The Common Vulnerabilities and Exposures project identifies the following problems:

- CVE-2007-5707 Thomas Sesselmann discovered that slapd could be crashed by malformed modify requests.

- CVE-2007-5708 Toby Blade discovered that incorrect memory handling in slapo-pcache could lead to denial of service through crafted search requests.

- CVE-2007-6698 It was discovered that a programming error in the interface to the BDB storage backend could lead to denial of service through crafted modify requests.

- CVE-2008-0658 It was discovered that a programming error in the interface to the BDB storage backend could lead to denial of service through crafted modrdn requests.

Solution

Upgrade the openldap2.3 packages.

For the stable distribution (etch), these problems have been fixed in version 2.3.30-5+etch1.

See Also

https://www.debian.org/security/2008/dsa-1541

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440632

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448644

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=465875

https://security-tracker.debian.org/tracker/CVE-2007-5707

https://security-tracker.debian.org/tracker/CVE-2007-5708

https://security-tracker.debian.org/tracker/CVE-2007-6698

https://security-tracker.debian.org/tracker/CVE-2008-0658

Plugin Details

Severity: High

ID: 31811

File Name: debian_DSA-1541.nasl

Version: 1.14

Type: local

Agent: unix

Published: 4/11/2008

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: High

Base Score: 7.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:openldap2.3, cpe:/o:debian:debian_linux:4.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 4/8/2008

Reference Information

CVE: CVE-2007-5707, CVE-2007-5708, CVE-2007-6698, CVE-2008-0658

CWE: 399

DSA: 1541