OpenLDAP DoS Vulnerability

2004-03-31T00:00:00
ID GLSA-200403-12
Type gentoo
Reporter Gentoo Foundation
Modified 2006-05-22T00:00:00

Description

Background

OpenLDAP is a suite of LDAP-related application and development tools. It includes slapd (the standalone LDAP server), slurpd (the standalone LDAP replication server), and various LDAP libraries, utilities and example clients.

Description

A password extended operation (password EXOP) which fails will cause the slapd server to free() an uninitialized pointer, possibly resulting in a segfault. This only affects servers using the back-ldbm backend.

Such a crash is not guaranteed with every failed operation, however, it is possible.

Impact

An attacker (or indeed, a normal user) may crash the OpenLDAP server, creating a Denial of Service condition.

Workaround

A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.

Resolution

OpenLDAP users should upgrade to version 2.1.13 or later:

 # emerge sync

 # emerge -pv ">=net-nds/openldap-2.1.13"
 # emerge ">=net-nds/openldap-2.1.13"