FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-5707

This CVE name corresponds to:

Entered: 2007-10-30
Topic: openldap -- multiple remote denial of service vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2007-5707
Phase: Assigned (20071030)

Description

OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service (slapd crash) via an LDAP request with a malformed objectClasses attribute. NOTE: this has been reported as a double free, but the reports are inconsistent.

References

Source Reference
MISC http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5119
CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440632
MLIST [openldap-announce] 20071026 OpenLDAP 2.3.39 available
CONFIRM http://support.apple.com/kb/HT3937
APPLE APPLE-SA-2009-11-09-1
DEBIAN DSA-1541
FEDORA FEDORA-2007-741
GENTOO GLSA-200803-28
MANDRIVA MDKSA-2007:215
REDHAT RHSA-2007:1037
REDHAT RHSA-2007:1038
SUSE SUSE-SR:2007:024
UBUNTU USN-551-1
BID 26245
OVAL oval:org.mitre.oval:def:10183
VUPEN ADV-2007-3645
SECTRACK 1018924
SECUNIA 27424
SECUNIA 27587
SECUNIA 27596
SECUNIA 27683
SECUNIA 27868
SECUNIA 27756
SECUNIA 29461
SECUNIA 29682
VUPEN ADV-2009-3184