CVE-2011-4079
Published: 27 October 2011
Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and earlier allows remote attackers to cause a denial of service (slapd crash) via a zero-length string that triggers a heap-based buffer overflow, as demonstrated using an empty postalAddressAttribute value in an LDIF entry.
Notes
Author | Note |
---|---|
tyhicks | Per Red Hat, this may not be exploitable due to properties of the memory allocator. |
jdstrand | patch requires http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=patch;h=d0dd8616f1c68a868afeb8c2c5c09969e366e2c0 . While bug exists since 2003, postalAddressValidate() is only function that could pass a 0-length string, and this is not present in 8.04 LTS. While RedHat claims heap implementation makes this not exploitable, will patch Ubuntu 10.04 and higher just in case the evaluation is incorrect. |
Priority
Status
Package | Release | Status |
---|---|---|
openldap | hardy | Does not exist |
openldap | lucid | Released (2.4.21-0ubuntu5.6) |
openldap | maverick | Released (2.4.23-0ubuntu3.7) |
openldap | natty | Released (2.4.23-6ubuntu6.1) |
openldap | oneiric | Released (2.4.25-1.1ubuntu4.1) |
openldap | upstream | Needed |
openldap2.3 | hardy | Not vulnerable (vulnerable code not present) |
openldap2.3 | lucid | Does not exist |
openldap2.3 | maverick | Does not exist |
openldap2.3 | natty | Does not exist |
openldap2.3 | oneiric | Does not exist |
openldap2.3 | upstream | Needed |

Patches (openldap):
upstream: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=507238713b71208ec4f262f312cb495a302df9e9
upstream: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=e75c8720191c12db55ab2342fc8f560011c591b8