Ubuntu Security Notice 551-1

Ubuntu Security Notice 551-1: Posted Dec 4, 2007; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 551-1 - Thomas Sesselmann discovered that the OpenLDAP slapd server did not properly handle certain modify requests. A remote attacker could send malicious modify requests to the server and cause a denial of service. Toby Blake discovered that slapd did not properly terminate an array while running as a proxy-caching server. A remote attacker may be able to send crafted search requests to the server and cause a denial of service. This issue only affects Ubuntu 7.04 and 7.10.; tags | advisory, remote, denial of service; systems | linux, ubuntu; advisories | CVE-2007-5707, CVE-2007-5708; SHA-256 | d77193488d3e81250b1087fc995f46a172b56f6fe7501029020c1bff97cc061c; Download | Favorite | View

Ubuntu Security Notice 551-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================
Ubuntu Security Notice USN-551-1          December 04, 2007
openldap vulnerabilities
CVE-2007-5707, CVE-2007-5708
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  slapd                           2.2.26-5ubuntu2.4

Ubuntu 6.10:
  slapd                           2.2.26-5ubuntu3.2

Ubuntu 7.04:
  slapd                           2.3.30-2ubuntu0.1

Ubuntu 7.10:
  slapd                           2.3.35-1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Thomas Sesselmann discovered that the OpenLDAP slapd server
did not properly handle certain modify requests. A remote
attacker could send malicious modify requests to the server
and cause a denial of service. (CVE-2007-5707)

Toby Blake discovered that slapd did not properly terminate
an array while running as a proxy-caching server. A remote
attacker may be able to send crafted search requests to the
server and cause a denial of service. This issue only affects
Ubuntu 7.04 and 7.10. (CVE-2007-5708)


Updated packages for Ubuntu 6.06 LTS:

  Source archives:


http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26-5ubuntu2.4.diff.gz
      Size/MD5:   511262 b54753c0e681803599125b18bef714ff

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26-5ubuntu2.4.dsc
      Size/MD5:     1020 519f96ba1375478163e3c40e881ae2d7

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26.orig.tar.gz
      Size/MD5:  2626629 afc8700b5738da863b30208e1d3e9de8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):


http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.4_amd64.deb
      Size/MD5:   130406 8d3bf04e5529528c0ac26530b2070f78

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.4_amd64.deb
      Size/MD5:   165830 e66f9e954c0ea05b4e2611ccd9fbcce6

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.4_amd64.deb
      Size/MD5:   961236 e5a89ad1cf97801efd27c52191703752

  i386 architecture (x86 compatible Intel/AMD):


http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.4_i386.deb
      Size/MD5:   118302 c57c5729bc9cf5ada18ebc3bef77d8da

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.4_i386.deb
      Size/MD5:   145954 caf31365b85db0e03a5f9884dda48fc7

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.4_i386.deb
      Size/MD5:   872794 8e5380a50fef5a25ac83c309f9a09a7d

  powerpc architecture (Apple Macintosh G3/G4/G5):


http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.4_powerpc.deb
      Size/MD5:   132560 bcef53015f0225ad7e216d94f23d1190

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.4_powerpc.deb
      Size/MD5:   157010 2132bdab3beff83ae731103602cdc38d

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.4_powerpc.deb
      Size/MD5:   959310 629b33d57e8087fbb8f5be51203f6dee

  sparc architecture (Sun SPARC/UltraSPARC):


http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.4_sparc.deb
      Size/MD5:   120616 13c31cc42532a60ceb499fc044356dc8

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.4_sparc.deb
      Size/MD5:   148044 3bf8d5ec833a67b9660bb7a448ae0c89

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.4_sparc.deb
      Size/MD5:   903250 43b642eccf4fdb4b2ae81d9f4e65236d

Updated packages for Ubuntu 6.10:

  Source archives:


http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26-5ubuntu3.2.diff.gz
      Size/MD5:   512406 0a7387e1542e833d4fcf3dd458571805

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26-5ubuntu3.2.dsc
      Size/MD5:     1020 2926a0c36b89ebb9dc498005f4a8c93a

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26.orig.tar.gz
      Size/MD5:  2626629 afc8700b5738da863b30208e1d3e9de8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):


http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu3.2_amd64.deb
      Size/MD5:   130568 2c0d6fd715c4049d464acc6da91db771

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu3.2_amd64.deb
      Size/MD5:   166602 43b9daf9f2938ee91818e08ef88e3897

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu3.2_amd64.deb
      Size/MD5:   958238 76f32588bf19a293993f59281a1b19db

  i386 architecture (x86 compatible Intel/AMD):


http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu3.2_i386.deb
      Size/MD5:   121234 8ef74f1ac973fd76c383c82d5ed1fcc8

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu3.2_i386.deb
      Size/MD5:   152394 20c8c28e5c8f62db165592a847728600

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu3.2_i386.deb
      Size/MD5:   900626 2fd37c48cbee64886b75665f3c4b22b7

  powerpc architecture (Apple Macintosh G3/G4/G5):


http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu3.2_powerpc.deb
      Size/MD5:   133566 9f8ff85e0bcc546a35174d5f8e4c32d4

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu3.2_powerpc.deb
      Size/MD5:   158770 7051d8aa41997d86ad9bdd1f0cbd09fd

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu3.2_powerpc.deb
      Size/MD5:   966444 a0a61d9af0fd64251f75cf6062e85834

  sparc architecture (Sun SPARC/UltraSPARC):


http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu3.2_sparc.deb
      Size/MD5:   121492 9e05e58bb98a5ddd53656fd82a23d45b

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu3.2_sparc.deb
      Size/MD5:   149232 8f73c53ad74062f446aac3c31ef953ff

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu3.2_sparc.deb
      Size/MD5:   909242 2a9d3a22330886f4bf727ea1d19187e0

Updated packages for Ubuntu 7.04:

  Source archives:


http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/openldap2.3_2.3.30-2ubuntu0.1.diff.gz
      Size/MD5:   139726 79fb0171f368ca4312d48d4c695edb53

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/openldap2.3_2.3.30-2ubuntu0.1.dsc
      Size/MD5:     1295 fc1bc630868634c3937dea90fe7f9c4e

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/openldap2.3_2.3.30.orig.tar.gz
      Size/MD5:  2971126 c40bcc23fa65908b8d7a86a4a6061251

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):


http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/ldap-utils_2.3.30-2ubuntu0.1_amd64.deb
      Size/MD5:   187572 cb6072c694a417d01d3da06c94977a4e

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/libldap-2.3-0_2.3.30-2ubuntu0.1_amd64.deb
      Size/MD5:   292212 5afbe83546e56db28b59906d7820d92d

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/slapd_2.3.30-2ubuntu0.1_amd64.deb
      Size/MD5:  1227928 e2e2e821b94b2940bd599ad513922d7f

  i386 architecture (x86 compatible Intel/AMD):


http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/ldap-utils_2.3.30-2ubuntu0.1_i386.deb
      Size/MD5:   155982 05d6d346c35f7e6f3e3b3f13916cc7cb

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/libldap-2.3-0_2.3.30-2ubuntu0.1_i386.deb
      Size/MD5:   267352 c0309cfc9c84f183df478d51c040400b

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/slapd_2.3.30-2ubuntu0.1_i386.deb
      Size/MD5:  1154660 fa9fd13816f4181219749a39ec891413

  powerpc architecture (Apple Macintosh G3/G4/G5):


http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/ldap-utils_2.3.30-2ubuntu0.1_powerpc.deb
      Size/MD5:   203570 ee80e1eeb0e3affccecc9974bbc3e91d

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/libldap-2.3-0_2.3.30-2ubuntu0.1_powerpc.deb
      Size/MD5:   294320 67698b61c8e2aa0b914b02483449813c

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/slapd_2.3.30-2ubuntu0.1_powerpc.deb
      Size/MD5:  1280328 a559f7311835769efd965854e324036e

  sparc architecture (Sun SPARC/UltraSPARC):


http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/ldap-utils_2.3.30-2ubuntu0.1_sparc.deb
      Size/MD5:   164312 51a13892bf9013a12b2f356282281421

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/libldap-2.3-0_2.3.30-2ubuntu0.1_sparc.deb
      Size/MD5:   264178 6fccf9f07791c6cf5ed41c52cdaac2cb

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/slapd_2.3.30-2ubuntu0.1_sparc.deb
      Size/MD5:  1169780 f5d2064a6f5a560151865d87d963e3db

Updated packages for Ubuntu 7.10:

  Source archives:


http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/openldap2.3_2.3.35-1ubuntu0.1.diff.gz
      Size/MD5:   153304 035a13818eebaca172ef7fb2e1b73f83

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/openldap2.3_2.3.35-1ubuntu0.1.dsc
      Size/MD5:     1305 89bc62db8536ab8292fc3afabbce98b5

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/openldap2.3_2.3.35.orig.tar.gz
      Size/MD5:  2947629 5096146b7a7eb6ce3b0a97549347b5be

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):


http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/ldap-utils_2.3.35-1ubuntu0.1_amd64.deb
      Size/MD5:   189744 dce285ce9164fe57f56d99a53935205a

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/libldap-2.3-0_2.3.35-1ubuntu0.1_amd64.deb
      Size/MD5:   346882 1e33bf330b7551e2035ba32f576ed8c7

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/slapd_2.3.35-1ubuntu0.1_amd64.deb
      Size/MD5:  1295526 f16e6d501bb115b4c5b24ac7af676043

  i386 architecture (x86 compatible Intel/AMD):


http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/ldap-utils_2.3.35-1ubuntu0.1_i386.deb
      Size/MD5:   155172 b1229c692b2b0e90842f2a3963710d44

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/libldap-2.3-0_2.3.35-1ubuntu0.1_i386.deb
      Size/MD5:   314500 ea70a6f6d29f2458401cd0de1a99772f

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/slapd_2.3.35-1ubuntu0.1_i386.deb
      Size/MD5:  1215670 083901dcaadcb356d8d743facbe76410

  powerpc architecture (Apple Macintosh G3/G4/G5):


http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/ldap-utils_2.3.35-1ubuntu0.1_powerpc.deb
      Size/MD5:   204936 8144ae85dd773e4126bfb13dda6f383f

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/libldap-2.3-0_2.3.35-1ubuntu0.1_powerpc.deb
      Size/MD5:   345608 449f262dee94fc35f907e3da735b2ff0

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/slapd_2.3.35-1ubuntu0.1_powerpc.deb
      Size/MD5:  1344728 bec28b0dfb90095961a484ec2f3cc96e

  sparc architecture (Sun SPARC/UltraSPARC):


http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/ldap-utils_2.3.35-1ubuntu0.1_sparc.deb
      Size/MD5:   166128 e14bbb2254d7a577b3f04453b8743ac5

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/libldap-2.3-0_2.3.35-1ubuntu0.1_sparc.deb
      Size/MD5:   306682 95a1008f5696a6d9cb6f9e7e521c7ab8

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/slapd_2.3.35-1ubuntu0.1_sparc.deb
      Size/MD5:  1228072 8ffd29411e996e6a5853f29621d092d3


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHVMZ2W0JvuRdL8BoRAo44AJ4lKdQaZEkOT/rJCCH87ZHB/sPK9ACghXsW
uzbIzU1FCeG9gaq4dD0g+kQ=
=QjYS
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Ubuntu Security Notice 551-1

Ubuntu Security Notice 551-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice 551-1

Share This

Ubuntu Security Notice 551-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems