CVE-2015-6908 in Ubuntu

CVE-2015-6908

Priority

Description

The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and
earlier allows remote attackers to cause a denial of service (reachable
assertion and application crash) via crafted BER data, as demonstrated by
an attack against slapd.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6908
http://www.openwall.com/lists/oss-security/2015/09/11/2
https://usn.ubuntu.com/usn/usn-2742-1

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798622
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240

Assigned-to

mdeslaur

Notes

Package

Source: openldap (LP Ubuntu Debian)

Upstream:	released (2.4.42+dfsg-2)
Ubuntu 14.04 ESM (Trusty Tahr):	released (2.4.31-1+nmu2ubuntu8.2)

Patches:

Upstream:

http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=6fe51a9ab04fd28bbc171da3cf12f1c1040d6629

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2019-12-05 18:42:47 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)