Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Производитель ПО
Наименование ПО
openldap
(Unknown)
Описание
liblber/io.c в OpenLDAP позволяет злоумышленникам, действующим удаленно, вызвать отказ в обслуживании (завершение работы программы), используя специально сформированные датаграммы ASN.1 BER, которые приводят к ошибке assertion.
Как исправить
Для устранения уязвимости необходимо установить последнюю версию продукта, соответствующую используемой платформе. Необходимую информацию можно получить по адресу:
http://www.openldap.org/
http://www.openldap.org/
Ссылки
FEDORA (FEDORA-2008-6062): https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00129.html
FEDORA (FEDORA-2008-6029): https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00109.html
CONFIRM (https://issues.rpath.com/browse/RPL-2645): https://issues.rpath.com/browse/RPL-2645
XF (openldap-bergetnext-dos(43515)): http://xforce.iss.net/xforce/xfdb/43515
MISC (http://www.zerodayinitiative.com/advisories/ZDI-08-052/): http://www.zerodayinitiative.com/advisories/ZDI-08-052/
UBUNTU (USN-634-1): http://www.ubuntu.com/usn/usn-634-1
SECTRACK (1020405): http://www.securitytracker.com/id?1020405
BID (30013): http://www.securityfocus.com/bid/30013
BUGTRAQ (20080811 rPSA-2008-0249-1 openldap openldap-clients openldap-servers): http://www.securityfocus.com/archive/1/archive/1/495320/100/0/threaded
REDHAT (RHSA-2008:0583): http://www.redhat.com/support/errata/RHSA-2008-0583.html
MLIST ([oss-security] 20080713 Re: openldap DoS): http://www.openwall.com/lists/oss-security/2008/07/13/2
MLIST ([oss-security 20080701 Re: [oss-security] openldap DoS): http://www.openwall.com/lists/oss-security/2008/07/01/2
CONFIRM (http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580;selectid=5580): http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580;selectid=5580
CONFIRM (http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580): http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580
MANDRIVA (MDVSA-2008:144): http://www.mandriva.com/security/advisories?name=MDVSA-2008:144
VUPEN (ADV-2008-2268): http://www.frsirt.com/english/advisories/2008/2268
VUPEN (ADV-2008-1978): http://www.frsirt.com/english/advisories/2008/1978/references
DEBIAN (DSA-1650): http://www.debian.org/security/2008/dsa-1650
CONFIRM (http://wiki.rpath.com/Advisories:rPSA-2008-0249): http://wiki.rpath.com/Advisories:rPSA-2008-0249
GENTOO (GLSA-200808-09): http://security.gentoo.org/glsa/glsa-200808-09.xml
SUSE (SUSE-SR:2008:021): http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html
APPLE (APPLE-SA-2008-07-31): http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
FEDORA (FEDORA-2008-6029): https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00109.html
CONFIRM (https://issues.rpath.com/browse/RPL-2645): https://issues.rpath.com/browse/RPL-2645
XF (openldap-bergetnext-dos(43515)): http://xforce.iss.net/xforce/xfdb/43515
MISC (http://www.zerodayinitiative.com/advisories/ZDI-08-052/): http://www.zerodayinitiative.com/advisories/ZDI-08-052/
UBUNTU (USN-634-1): http://www.ubuntu.com/usn/usn-634-1
SECTRACK (1020405): http://www.securitytracker.com/id?1020405
BID (30013): http://www.securityfocus.com/bid/30013
BUGTRAQ (20080811 rPSA-2008-0249-1 openldap openldap-clients openldap-servers): http://www.securityfocus.com/archive/1/archive/1/495320/100/0/threaded
REDHAT (RHSA-2008:0583): http://www.redhat.com/support/errata/RHSA-2008-0583.html
MLIST ([oss-security] 20080713 Re: openldap DoS): http://www.openwall.com/lists/oss-security/2008/07/13/2
MLIST ([oss-security 20080701 Re: [oss-security] openldap DoS): http://www.openwall.com/lists/oss-security/2008/07/01/2
CONFIRM (http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580;selectid=5580): http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580;selectid=5580
CONFIRM (http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580): http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580
MANDRIVA (MDVSA-2008:144): http://www.mandriva.com/security/advisories?name=MDVSA-2008:144
VUPEN (ADV-2008-2268): http://www.frsirt.com/english/advisories/2008/2268
VUPEN (ADV-2008-1978): http://www.frsirt.com/english/advisories/2008/1978/references
DEBIAN (DSA-1650): http://www.debian.org/security/2008/dsa-1650
CONFIRM (http://wiki.rpath.com/Advisories:rPSA-2008-0249): http://wiki.rpath.com/Advisories:rPSA-2008-0249
GENTOO (GLSA-200808-09): http://security.gentoo.org/glsa/glsa-200808-09.xml
SUSE (SUSE-SR:2008:021): http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html
APPLE (APPLE-SA-2008-07-31): http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html