__________________________________________________________ The U.S. Department of Energy Computer Incident Advisory Capability ___ __ __ _ ___ / | /_\ / \___ __|__ / \ \___ __________________________________________________________ INFORMATION BULLETIN OpenLDAP Security and Enhancement Update [Red Hat RHSA-2007:1037-3] November 9, 2007 18:00 GMT Number S-045 [REVISED 16 Nov 2007] [REVISED 14 Apr 2008] ______________________________________________________________________________ PROBLEM: A flaw was found in the way OpenLDAP's slapd daemon handled malformed objectClasses LDAP attributes. PLATFORM: RHEL Desktop Workstation (v. 5 client) Red Hat Enterprise Linux (v. 5 server) Red Hat Enterprise Linux Desktop (v. 5 client) Red Hat Desktop (v. 4) Red Hat Enterprise Linux AS, ES, WS (v. 4) Debian GNU/Linux 4.0 (stable) DAMAGE: A local or remote attacker could create an LDAP request which could cause a denial of service by crashing slapd. SOLUTION: Upgrade to the appropriate version. ______________________________________________________________________________ VULNERABILITY The risk is LOW. A local or remote attacker could create an ASSESSMENT: LDAP request which could cause a denial of service by crashing slapd. A flaw was found in the way OpenLDAP's slapd daemon handled malformed objectClasses LDAP attributes. ______________________________________________________________________________ LINKS: CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/s-045.shtml ORIGINAL BULLETIN: https://rhn.redhat.com/errata/RHSA-2007-1037.html ORIGINAL BULLETIN: https://rhn.redhat.com/errata/RHSA-2007-1037.html ADDITIONAL LINKS: https://rhn.redhat.com/errata/RHSA-2007-1038.html http://www.debian.org/security/2008/dsa-1541 CVE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2007-5707 ______________________________________________________________________________ REVISION HISTORY: 11/16/2007 - revised S-045 to add a link to Red Hat RHSA-2007:1038-3 for Red Hat Desktop (v. 4), Red Hat Enterprise Linux AS, ES, WS (v. 4). 04/14/2008 - revised S-045 to add a link to Debian Security Advisori DSA-1541-1 for Debian GNU/Linux 4.0 (stable). [***** Start Red Hat RHSA-2007:1037-3 *****] Important: openldap security and enhancement update Advisory: RHSA-2007:1037-3 Type: Security Advisory Severity: Important Issued on: 2007-11-08 Last updated on: 2007-11-08 Affected Products: RHEL Desktop Workstation (v. 5 client) Red Hat Enterprise Linux (v. 5 server) Red Hat Enterprise Linux Desktop (v. 5 client) OVAL: com.redhat.rhsa-20071037.xml CVEs (cve.mitre.org): CVE-2007-5707 Details Updated openldap packages that fix a security flaw are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. A flaw was found in the way OpenLDAP's slapd daemon handled malformed objectClasses LDAP attributes. A local or remote attacker could create an LDAP request which could cause a denial of service by crashing slapd. (CVE-2007-5707) In addition, the following feature was added: * OpenLDAP client tools now have new option to configure their bind timeout. All users are advised to upgrade to these updated openldap packages, which contain a backported patch to correct this issue and provide this security enhancement. Solution Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 Updated packages RHEL Desktop Workstation (v. 5 client) -------------------------------------------------------------------------------- IA-32: openldap-devel-2.3.27-8.el5_1.1.i386.rpm 4cad3c430c370da07ea0eacb5130a984 openldap-servers-2.3.27-8.el5_1.1.i386.rpm 10aa30c19f16402452db01a63822eeda openldap-servers-sql-2.3.27-8.el5_1.1.i386.rpm e17cd90ffb57b2e89784ea739fee01f9 x86_64: openldap-devel-2.3.27-8.el5_1.1.i386.rpm 4cad3c430c370da07ea0eacb5130a984 openldap-devel-2.3.27-8.el5_1.1.x86_64.rpm 22db8736c7b62aed630a12a13aaeb4a5 openldap-servers-2.3.27-8.el5_1.1.x86_64.rpm 756b6bf4b1b5cf712d8a3a53991504df openldap-servers-sql-2.3.27-8.el5_1.1.x86_64.rpm 7540833a0e9a42bf5c924232acce3289 Red Hat Enterprise Linux (v. 5 server) -------------------------------------------------------------------------------- SRPMS: openldap-2.3.27-8.el5_1.1.src.rpm 29bf968603231319b6ed63fe1829e4b7 IA-32: compat-openldap-2.3.27_2.2.29-8.el5_1.1.i386.rpm a33da7778f862ffb7fc325d2f3f5f8b2 openldap-2.3.27-8.el5_1.1.i386.rpm ff17c8f4052f3237fa199dcef8c64a61 openldap-clients-2.3.27-8.el5_1.1.i386.rpm 9a14674d6c9cabd96c710625143130c3 openldap-devel-2.3.27-8.el5_1.1.i386.rpm 4cad3c430c370da07ea0eacb5130a984 openldap-servers-2.3.27-8.el5_1.1.i386.rpm 10aa30c19f16402452db01a63822eeda openldap-servers-sql-2.3.27-8.el5_1.1.i386.rpm e17cd90ffb57b2e89784ea739fee01f9 IA-64: compat-openldap-2.3.27_2.2.29-8.el5_1.1.i386.rpm a33da7778f862ffb7fc325d2f3f5f8b2 compat-openldap-2.3.27_2.2.29-8.el5_1.1.ia64.rpm 1410496cee6ea7b8b5a093eb70c2ea82 openldap-2.3.27-8.el5_1.1.i386.rpm ff17c8f4052f3237fa199dcef8c64a61 openldap-2.3.27-8.el5_1.1.ia64.rpm ca57ced22fa4db209dd97e9124953ca3 openldap-clients-2.3.27-8.el5_1.1.ia64.rpm 8218d683c95451dcd7678fe5c5535f6c openldap-devel-2.3.27-8.el5_1.1.ia64.rpm 92dfcd0bc1155c240d0f464e1d992b90 openldap-servers-2.3.27-8.el5_1.1.ia64.rpm a29e06d09252e0b24f4e3c46ec9695e9 openldap-servers-sql-2.3.27-8.el5_1.1.ia64.rpm c92b09b6f9fb48ee2c6ab023e0b8931d PPC: compat-openldap-2.3.27_2.2.29-8.el5_1.1.ppc.rpm 853a0b6a9d1898f0a52a56da4b51c535 compat-openldap-2.3.27_2.2.29-8.el5_1.1.ppc64.rpm 0f2955d1fbff30d65704e15b44cb8c9a openldap-2.3.27-8.el5_1.1.ppc.rpm 8450b36491cf6898c176a95daba635b4 openldap-2.3.27-8.el5_1.1.ppc64.rpm 978ae45373c0dfb5f9a46711aa41c1ab openldap-clients-2.3.27-8.el5_1.1.ppc.rpm 51e25efe23ff1ce464e68f8c51f8882b openldap-devel-2.3.27-8.el5_1.1.ppc.rpm fd4ba1cc4f336edc94b1b8d8caa399c2 openldap-devel-2.3.27-8.el5_1.1.ppc64.rpm 842e698549089dc1b756612ec51699dc openldap-servers-2.3.27-8.el5_1.1.ppc.rpm 959047cfa1cfa7799dd976e3b3775456 openldap-servers-sql-2.3.27-8.el5_1.1.ppc.rpm 2f5028b06a4504b951af635cf71c7391 s390x: compat-openldap-2.3.27_2.2.29-8.el5_1.1.s390.rpm 6e4d344c83258c8248ebe7ef489cf968 compat-openldap-2.3.27_2.2.29-8.el5_1.1.s390x.rpm e0d1df373ee917a054c72dab5751bd16 openldap-2.3.27-8.el5_1.1.s390.rpm dbe6d4f8399099e5414d7379784a3303 openldap-2.3.27-8.el5_1.1.s390x.rpm 0f7e80ef9c51cd9d0c9f69f67df5d307 openldap-clients-2.3.27-8.el5_1.1.s390x.rpm 370d2ba76d13bc29b2ed3bed36e10178 openldap-devel-2.3.27-8.el5_1.1.s390.rpm fbff33bbbdc8cdcfb47baf4e51db7446 openldap-devel-2.3.27-8.el5_1.1.s390x.rpm 96dc56e05d18ea4951a06302ecde6a58 openldap-servers-2.3.27-8.el5_1.1.s390x.rpm 51c3472db3a88cd90310414212dd905d openldap-servers-sql-2.3.27-8.el5_1.1.s390x.rpm fac283990840fa3a9275d07244d19292 x86_64: compat-openldap-2.3.27_2.2.29-8.el5_1.1.i386.rpm a33da7778f862ffb7fc325d2f3f5f8b2 compat-openldap-2.3.27_2.2.29-8.el5_1.1.x86_64.rpm c34a4bf153b8ada745022313a1a40f0a openldap-2.3.27-8.el5_1.1.i386.rpm ff17c8f4052f3237fa199dcef8c64a61 openldap-2.3.27-8.el5_1.1.x86_64.rpm 690b46cca06173f27e0e052bb25a726e openldap-clients-2.3.27-8.el5_1.1.x86_64.rpm 74179f661375bbba59aa33c24d25201b openldap-devel-2.3.27-8.el5_1.1.i386.rpm 4cad3c430c370da07ea0eacb5130a984 openldap-devel-2.3.27-8.el5_1.1.x86_64.rpm 22db8736c7b62aed630a12a13aaeb4a5 openldap-servers-2.3.27-8.el5_1.1.x86_64.rpm 756b6bf4b1b5cf712d8a3a53991504df openldap-servers-sql-2.3.27-8.el5_1.1.x86_64.rpm 7540833a0e9a42bf5c924232acce3289 Red Hat Enterprise Linux Desktop (v. 5 client) -------------------------------------------------------------------------------- SRPMS: openldap-2.3.27-8.el5_1.1.src.rpm 29bf968603231319b6ed63fe1829e4b7 IA-32: compat-openldap-2.3.27_2.2.29-8.el5_1.1.i386.rpm a33da7778f862ffb7fc325d2f3f5f8b2 openldap-2.3.27-8.el5_1.1.i386.rpm ff17c8f4052f3237fa199dcef8c64a61 openldap-clients-2.3.27-8.el5_1.1.i386.rpm 9a14674d6c9cabd96c710625143130c3 x86_64: compat-openldap-2.3.27_2.2.29-8.el5_1.1.i386.rpm a33da7778f862ffb7fc325d2f3f5f8b2 compat-openldap-2.3.27_2.2.29-8.el5_1.1.x86_64.rpm c34a4bf153b8ada745022313a1a40f0a openldap-2.3.27-8.el5_1.1.i386.rpm ff17c8f4052f3237fa199dcef8c64a61 openldap-2.3.27-8.el5_1.1.x86_64.rpm 690b46cca06173f27e0e052bb25a726e openldap-clients-2.3.27-8.el5_1.1.x86_64.rpm 74179f661375bbba59aa33c24d25201b (The unlinked packages above are only available from the Red Hat Network) Bugs fixed (see bugzilla for more information) 359851 - CVE-2007-5707 openldap slapd DoS via objectClasses attribute References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5707 http://www.redhat.com/security/updates/classification/#important -------------------------------------------------------------------------------- These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from: https://www.redhat.com/security/team/key/#package The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/ [***** End Red Hat RHSA-2007:1037-3 *****] _______________________________________________________________________________ CIAC wishes to acknowledge the contributions of Red Hat for the information contained in this bulletin. _______________________________________________________________________________ CIAC, the Computer Incident Advisory Capability, is the computer security incident response team for the U.S. Department of Energy (DOE) and the emergency backup response team for the National Institutes of Health (NIH). CIAC is located at the Lawrence Livermore National Laboratory in Livermore, California. CIAC is also a founding member of FIRST, the Forum of Incident Response and Security Teams, a global organization established to foster cooperation and coordination among computer security teams worldwide. CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be contacted at: Voice: +1 925-422-8193 (7x24) FAX: +1 925-423-8002 STU-III: +1 925-423-2604 E-mail: ciac@ciac.org Previous CIAC notices, anti-virus software, and other information are available from the CIAC Computer Security Archive. World Wide Web: http://www.ciac.org/ Anonymous FTP: ftp.ciac.org PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing communities receive CIAC bulletins. If you are not part of these communities, please contact your agency's response team to report incidents. Your agency's team will coordinate with CIAC. The Forum of Incident Response and Security Teams (FIRST) is a world-wide organization. A list of FIRST member organizations and their constituencies can be obtained via WWW at http://www.first.org/. This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes. LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC) S-035: Perdition Format String Error S-036: Mono Vulnerability S-037: Perl-Compatible Regular Expression (PCRE) Vulnerabilities S-038: Perl Security Update S-039: httpd Security Update S-040: Vulnerability in Macrovision SECDRV.SYS Driver on Windows S-041: Wireshark Security Update S-042: CoolKey Security and Bug Fix Update S-043: OpenSSH Security and Bug Fix Update S-044: Apple QuickTime 7.3 Security Update