oss-security February 2011 archive
Main Archive Page > Month Archives  > oss-security archives
oss-security: Re: [oss-security] CVE Request -- OpenLDAP -- two

Re: [oss-security] CVE Request -- OpenLDAP -- two issues

From: Thomas Biege <thomas_at_nospam>
Date: Mon Feb 28 2011 - 13:16:06 GMT
To: oss-security@lists.openwall.com

The following might also need a CVE-ID.

https://bugzilla.novell.com/show_bug.cgi?id=674985#c1
------------------------------------------------------------------------------
http://www.openldap.org/its/index.cgi/Software Bugs?id=6768

That's a pretty bad DOS. Everybody (even unauthenticated users) can kill the
server by submitting a MODRDN request with an empty "olddn" value and "remove
old RDN" set (-r). Example:

      ldapmodrdn -x -H ldap://ldapserver -r '' o=test
------------------------------------------------------------------------------

Am Freitag 25 Februar 2011 17:18:08 schrieb Josh Bressers:
> ----- Original Message -----
> > Hello Josh, Steve, vendors,
> >
> > looks like the following two issues did not get a CVE identifiers yet:
> > [1] http://secunia.com/advisories/43331/
>
> The above advisory covers both bugs below.
>
>
> > [2] http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6607
>
> CVE-2011-1024 openldap forwarded bind failure messages cause success
>
>
> > [3] http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6661
>
> CVE-2011-1025 openldap rootpw is not verified with slapd.conf
>
>
> Thanks.
>
>

-- Thomas Biege <thomas@suse.de>, SUSE LINUX, Security Support & Auditing SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) -- Wer aufhoert besser werden zu wollen, hoert auf gut zu sein. -- Marie von Ebner-Eschenbach