Mandriva Linux Security Advisory 2012-130

Posted Aug 14, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-130 - slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-1164
MD5 | ba86740f6b87e91bfa27d872582bc9b5


_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:130
http://www.mandriva.com/security/
_______________________________________________________________________

Package : openldap
Date : August 11, 2012
Affected: 2011., Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability was found and corrected in openldap:

slapd in OpenLDAP before 2.4.30 allows remote attackers to cause
a denial of service (assertion failure and daemon exit) via an LDAP
search query with attrsOnly set to true, which causes empty attributes
to be returned (CVE-2012-1164).

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1164
_______________________________________________________________________

Updated Packages:

_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>