FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-5708

This CVE name corresponds to:

Entered: 2007-10-30
Topic: openldap -- multiple remote denial of service vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2007-5708
Phase: Assigned (20071030)

Description

slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when running as a proxy-caching server, allocates memory using a malloc variant instead of calloc, which prevents an array from being initialized properly and might allow attackers to cause a denial of service (segmentation fault) via unknown vectors that prevent the array from being null terminated.

References

Source Reference
MISC http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5163
MLIST [openldap-announce] 20071026 OpenLDAP 2.3.39 available
DEBIAN DSA-1541
FEDORA FEDORA-2007-741
GENTOO GLSA-200803-28
MANDRIVA MDVSA-2008:058
SUSE SUSE-SR:2007:024
UBUNTU USN-551-1
BID 26245
VUPEN ADV-2007-3645
SECUNIA 27424
SECUNIA 27683
SECUNIA 27868
SECUNIA 27756
SECUNIA 29225
SECUNIA 29461
SECUNIA 29682