Support / Security / Advisories / Corporate Server 3.0 / MDKSA-2006:208

Package name: openldap
Date: 2006-11-14
Advisory ID: MDKSA-2006:208
Affected versions: CS4.0 x86_64 , 2006.0 i586 , 2007.0 x86_64 , 2007.0 i586 , CS3.0 x86_64 , CS4.0 i586 , CS3.0 i586 , 2006.0 x86_64

Problem description

An unspecified vulnerability in OpenLDAP allows remote attackers to
cause a denial of service (daemon crash) via a certain combination of
SASL Bind requests that triggers an assertion failure in libldap.

Packages have been patched to correct this issue.

Updated packages

CS4.0 x86_64

 b82aaccd80eb00bce088c527d246da23  corporate/4.0/x86_64/lib64ldap2.3_0-2.3.27-1.1.20060mlcs4.x86_64.rpm
 081db34fc9f26674c5f3e66dbf55beb7  corporate/4.0/x86_64/lib64ldap2.3_0-devel-2.3.27-1.1.20060mlcs4.x86_64.rpm
 bae33dc8d695f5066afb02758d3a6ccb  corporate/4.0/x86_64/lib64ldap2.3_0-static-devel-2.3.27-1.1.20060mlcs4.x86_64.rpm
 36ba69c7f7ae3664ac5a9f1ce5d15294  corporate/4.0/x86_64/openldap-2.3.27-1.1.20060mlcs4.x86_64.rpm
 5ec8ee09c948ef6e83287ca6855b730a  corporate/4.0/x86_64/openldap-clients-2.3.27-1.1.20060mlcs4.x86_64.rpm
 58445377fced4fe1c64b4f5e1c484eaa  corporate/4.0/x86_64/openldap-doc-2.3.27-1.1.20060mlcs4.x86_64.rpm
 076df2a66bbee52c444ab19f3268d5db  corporate/4.0/x86_64/openldap-servers-2.3.27-1.1.20060mlcs4.x86_64.rpm 
 c5d9d03480f8377b56765da2b82d7645  corporate/4.0/SRPMS/openldap-2.3.27-1.1.20060mlcs4.src.rpm

2006.0 i586

 b72665688e5e1ff9b6fe0e681af6cb05  2006.0/i586/libldap2.3_0-2.3.6-4.3.20060mdk.i586.rpm
 84a2dc039815bb6d67683d4e63ca0621  2006.0/i586/libldap2.3_0-devel-2.3.6-4.3.20060mdk.i586.rpm
 1fbf4c412d038ed9b8f858e33a35ead5  2006.0/i586/libldap2.3_0-static-devel-2.3.6-4.3.20060mdk.i586.rpm
 7bcd4adfab46638fb4dad1e348bc59bf  2006.0/i586/openldap-2.3.6-4.3.20060mdk.i586.rpm
 639fa71315c66e551ac238c9f3de2bd4  2006.0/i586/openldap-clients-2.3.6-4.3.20060mdk.i586.rpm
 852dd34144c00b4133ec682ec51bc9e6  2006.0/i586/openldap-doc-2.3.6-4.3.20060mdk.i586.rpm
 6dfb754e096a7b5938abdc2e9075f1db  2006.0/i586/openldap-servers-2.3.6-4.3.20060mdk.i586.rpm 
 33c1cbabec53f8a4ae97814ee00ede84  2006.0/SRPMS/openldap-2.3.6-4.3.20060mdk.src.rpm

2007.0 x86_64

 842e1009b0f1df726c6782ccc44a9f8e  2007.0/x86_64/lib64ldap2.3_0-2.3.27-1.1mdv2007.0.x86_64.rpm
 14a0154ec9c9c14cff5f1071792188fa  2007.0/x86_64/lib64ldap2.3_0-devel-2.3.27-1.1mdv2007.0.x86_64.rpm
 08be2ac440ca59f1d572f15479c2813a  2007.0/x86_64/lib64ldap2.3_0-static-devel-2.3.27-1.1mdv2007.0.x86_64.rpm
 15d356bbf748f5ac65068e51aeed23f6  2007.0/x86_64/openldap-2.3.27-1.1mdv2007.0.x86_64.rpm
 d90efede17b72263125047dedfcf8ede  2007.0/x86_64/openldap-clients-2.3.27-1.1mdv2007.0.x86_64.rpm
 ab5d0a91199c1e3f72bccbec7de94d9c  2007.0/x86_64/openldap-doc-2.3.27-1.1mdv2007.0.x86_64.rpm
 959d798ef393b2ce85aff8311390f41c  2007.0/x86_64/openldap-servers-2.3.27-1.1mdv2007.0.x86_64.rpm 
 f5dca5dfc0b0b9dc943eb91329d5edd4  2007.0/SRPMS/openldap-2.3.27-1.1mdv2007.0.src.rpm

2007.0 i586

 39b1958af245ecfcecf20c97ad4bc166  2007.0/i586/libldap2.3_0-2.3.27-1.1mdv2007.0.i586.rpm
 c40f187a17e9cc9343072d2cb85c907c  2007.0/i586/libldap2.3_0-devel-2.3.27-1.1mdv2007.0.i586.rpm
 26791df1fecb524951de012a18cd0bee  2007.0/i586/libldap2.3_0-static-devel-2.3.27-1.1mdv2007.0.i586.rpm
 89b2d92928afb2c7ecfaa0e1cb19c2fc  2007.0/i586/openldap-2.3.27-1.1mdv2007.0.i586.rpm
 110928ada569de751e90b6458f15d70c  2007.0/i586/openldap-clients-2.3.27-1.1mdv2007.0.i586.rpm
 02ab9fa4f2df8939006274859bad973e  2007.0/i586/openldap-doc-2.3.27-1.1mdv2007.0.i586.rpm
 f1c1cdd706a0d588169f43fdf0364798  2007.0/i586/openldap-servers-2.3.27-1.1mdv2007.0.i586.rpm 
 f5dca5dfc0b0b9dc943eb91329d5edd4  2007.0/SRPMS/openldap-2.3.27-1.1mdv2007.0.src.rpm

CS3.0 x86_64

 69b5e3f05a202fe319c547c376c26f43  corporate/3.0/x86_64/lib64ldap2-2.1.25-7.3.C30mdk.x86_64.rpm
 86e94f0d7df100c840f8fa649f2c8f04  corporate/3.0/x86_64/lib64ldap2-devel-2.1.25-7.3.C30mdk.x86_64.rpm
 ec89988f5d9f6bf013de22736735ad3a  corporate/3.0/x86_64/lib64ldap2-devel-static-2.1.25-7.3.C30mdk.x86_64.rpm
 12f6b3d614fde22c3d1d0458b47b2e09  corporate/3.0/x86_64/openldap-2.1.25-7.3.C30mdk.x86_64.rpm
 9e70aa982d5edf76205affe8c6547c7c  corporate/3.0/x86_64/openldap-back_dnssrv-2.1.25-7.3.C30mdk.x86_64.rpm
 0ca56de551113c06139523c8060ee04f  corporate/3.0/x86_64/openldap-back_ldap-2.1.25-7.3.C30mdk.x86_64.rpm
 e120437dc64eecb38695827b659d534d  corporate/3.0/x86_64/openldap-back_passwd-2.1.25-7.3.C30mdk.x86_64.rpm
 c3f0c912cf165a322d1e490c02b46b7c  corporate/3.0/x86_64/openldap-back_sql-2.1.25-7.3.C30mdk.x86_64.rpm
 572a10324d86c9376e7b585617daeecb  corporate/3.0/x86_64/openldap-clients-2.1.25-7.3.C30mdk.x86_64.rpm
 0ea5646134953fa6a599ba1dc52c5c67  corporate/3.0/x86_64/openldap-doc-2.1.25-7.3.C30mdk.x86_64.rpm
 12271a5c7103edc6515fc13f13ae390d  corporate/3.0/x86_64/openldap-migration-2.1.25-7.3.C30mdk.x86_64.rpm
 60d1bc217a56e8ed0acccf9243f77e42  corporate/3.0/x86_64/openldap-servers-2.1.25-7.3.C30mdk.x86_64.rpm 
 184104c031fff375d12005fac7d6352e  corporate/3.0/SRPMS/openldap-2.1.25-7.3.C30mdk.src.rpm

CS4.0 i586

 7a96aee0968898d0a46ac7107849ea56  corporate/4.0/i586/libldap2.3_0-2.3.27-1.1.20060mlcs4.i586.rpm
 f98daa7a97e82d79fac31548c85c456b  corporate/4.0/i586/libldap2.3_0-devel-2.3.27-1.1.20060mlcs4.i586.rpm
 cf50b0867443ec18b5849a7bef113eb5  corporate/4.0/i586/libldap2.3_0-static-devel-2.3.27-1.1.20060mlcs4.i586.rpm
 614aff258fbd40b6823280a70bcfb17c  corporate/4.0/i586/openldap-2.3.27-1.1.20060mlcs4.i586.rpm
 7a27a65d85b8e40413c72745c8b9daff  corporate/4.0/i586/openldap-clients-2.3.27-1.1.20060mlcs4.i586.rpm
 aefdaa8925507142a24d1d416e71d82e  corporate/4.0/i586/openldap-doc-2.3.27-1.1.20060mlcs4.i586.rpm
 f24e13fcae66cd5905ac8cf0bc85a687  corporate/4.0/i586/openldap-servers-2.3.27-1.1.20060mlcs4.i586.rpm 
 c5d9d03480f8377b56765da2b82d7645  corporate/4.0/SRPMS/openldap-2.3.27-1.1.20060mlcs4.src.rpm

CS3.0 i586

 f3499debd45315f02d33eda18e5c86b7  corporate/3.0/i586/libldap2-2.1.25-7.3.C30mdk.i586.rpm
 68ca2a014ada5bbd31214cf028b37463  corporate/3.0/i586/libldap2-devel-2.1.25-7.3.C30mdk.i586.rpm
 aa5847991ac3354a5ea0a1bad87b0a67  corporate/3.0/i586/libldap2-devel-static-2.1.25-7.3.C30mdk.i586.rpm
 628a3eaff7a146fb0bb1d8d90ecb42e0  corporate/3.0/i586/openldap-2.1.25-7.3.C30mdk.i586.rpm
 957f7be83dbf78efd6a2d268d9141ff6  corporate/3.0/i586/openldap-back_dnssrv-2.1.25-7.3.C30mdk.i586.rpm
 4ce6284c6afd75d84ea37606ae1d6e93  corporate/3.0/i586/openldap-back_ldap-2.1.25-7.3.C30mdk.i586.rpm
 270c11c28dfc20c64e1533d2898d36cf  corporate/3.0/i586/openldap-back_passwd-2.1.25-7.3.C30mdk.i586.rpm
 5d7d58339e9201248fc010575cb31869  corporate/3.0/i586/openldap-back_sql-2.1.25-7.3.C30mdk.i586.rpm
 a9abf93db02be8a440e1552f68de461f  corporate/3.0/i586/openldap-clients-2.1.25-7.3.C30mdk.i586.rpm
 276f933bf4b2b4ec2154c1711e390528  corporate/3.0/i586/openldap-doc-2.1.25-7.3.C30mdk.i586.rpm
 e5413f3739f4f0b05d5613fcfe4ed440  corporate/3.0/i586/openldap-migration-2.1.25-7.3.C30mdk.i586.rpm
 b853003aec279c201f340c2a4e522b6d  corporate/3.0/i586/openldap-servers-2.1.25-7.3.C30mdk.i586.rpm 
 184104c031fff375d12005fac7d6352e  corporate/3.0/SRPMS/openldap-2.1.25-7.3.C30mdk.src.rpm

2006.0 x86_64

 6d18e8fcd352be094574246da2a79c42  2006.0/x86_64/lib64ldap2.3_0-2.3.6-4.3.20060mdk.x86_64.rpm
 b27b5f57402c4a3f962804f1b704f1a2  2006.0/x86_64/lib64ldap2.3_0-devel-2.3.6-4.3.20060mdk.x86_64.rpm
 c637b0949ac7724b60bac03f00844ecd  2006.0/x86_64/lib64ldap2.3_0-static-devel-2.3.6-4.3.20060mdk.x86_64.rpm
 e04a970029040bc722942d6a04db4710  2006.0/x86_64/openldap-2.3.6-4.3.20060mdk.x86_64.rpm
 246c24e419b857592a719e6d02f4d1d9  2006.0/x86_64/openldap-clients-2.3.6-4.3.20060mdk.x86_64.rpm
 97c6bfac30389a0b3a64c7d7783a3e9a  2006.0/x86_64/openldap-doc-2.3.6-4.3.20060mdk.x86_64.rpm
 31dcb6111bcb5204d47f86bf210daa27  2006.0/x86_64/openldap-servers-2.3.6-4.3.20060mdk.x86_64.rpm 
 33c1cbabec53f8a4ae97814ee00ede84  2006.0/SRPMS/openldap-2.3.6-4.3.20060mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5779