ID CVE-2007-6698
Summary The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability.
References
Vulnerable Configurations
  • cpe:2.3:a:openldap:openldap:2.3.35
    cpe:2.3:a:openldap:openldap:2.3.35
CVSS
Base: 4.0 (as of 04-02-2008 - 10:04)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1541.NASL
    description Several remote vulnerabilities have been discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-5707 Thomas Sesselmann discovered that slapd could be crashed by a malformed modify requests. - CVE-2007-5708 Toby Blade discovered that incorrect memory handling in slapo-pcache could lead to denial of service through crafted search requests. - CVE-2007-6698 It was discovered that a programming error in the interface to the BDB storage backend could lead to denial of service through crafted modify requests. - CVE-2008-0658 It was discovered that a programming error in the interface to the BDB storage backend could lead to denial of service through crafted modrdn requests.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 31811
    published 2008-04-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31811
    title Debian DSA-1541-1 : openldap2.3 - several vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_OPENLDAP2-4989.NASL
    description Authenticated users could crash the LDAP server 'slapd' via the 'NOOP' command. (CVE-2007-6698 / CVE-2008-0658)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 32078
    published 2008-04-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32078
    title SuSE 10 Security Update : OpenLDAP 2 (ZYPP Patch Number 4989)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_OPENLDAP2-4999.NASL
    description Authenticated users could crash the LDAP server 'slapd' via the 'NOOP' command (CVE-2007-6698,CVE-2008-0658)
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 32079
    published 2008-04-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32079
    title openSUSE 10 Security Update : openldap2 (openldap2-4999)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-058.NASL
    description A vulnerability was found in slapo-pcache in slapd of OpenLDAP prior to 2.3.39 when running as a proxy-caching server. It would allocate memory using a malloc variant rather than calloc, which prevented an array from being properly initialized and could possibly allow attackers to cause a denial of service (CVE-2007-5708). Two vulnerabilities were found in how slapd handled modify (prior to 2.3.26) and modrdn (prior to 2.3.29) requests with NOOP control on objects stored in the BDB backend. An authenticated user with permission to perform modify (CVE-2007-6698) or modrdn (CVE-2008-0658) operations could cause slapd to crash. The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 37371
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37371
    title Mandriva Linux Security Advisory : openldap (MDVSA-2008:058)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080221_OPENLDAP_ON_SL4_X.NASL
    description These updated openldap packages fix a flaw in the way the OpenLDAP slapd daemon handled modify and modrdn requests with NOOP control on objects stored in a Berkeley DB (BDB) storage backend. An authenticated attacker with permission to perform modify or modrdn operations on such LDAP objects could cause slapd to crash. (CVE-2007-6698, CVE-2008-0658)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60361
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60361
    title Scientific Linux Security Update : openldap on SL4.x, SL5.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12075.NASL
    description Authenticated users could crash the LDAP server 'slapd' via the 'NOOP' command. (CVE-2007-6698 / CVE-2008-0658)
    last seen 2019-02-21
    modified 2012-04-23
    plugin id 41197
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41197
    title SuSE9 Security Update : OpenLDAP 2 (YOU Patch Number 12075)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0110.NASL
    description Updated openldap packages that fix security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols for accessing directory services. These updated openldap packages fix a flaw in the way the OpenLDAP slapd daemon handled modify and modrdn requests with NOOP control on objects stored in a Berkeley DB (BDB) storage backend. An authenticated attacker with permission to perform modify or modrdn operations on such LDAP objects could cause slapd to crash. (CVE-2007-6698, CVE-2008-0658) Users of openldap should upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 31138
    published 2008-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31138
    title CentOS 4 / 5 : openldap (CESA-2008:0110)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0110.NASL
    description From Red Hat Security Advisory 2008:0110 : Updated openldap packages that fix security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols for accessing directory services. These updated openldap packages fix a flaw in the way the OpenLDAP slapd daemon handled modify and modrdn requests with NOOP control on objects stored in a Berkeley DB (BDB) storage backend. An authenticated attacker with permission to perform modify or modrdn operations on such LDAP objects could cause slapd to crash. (CVE-2007-6698, CVE-2008-0658) Users of openldap should upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 67650
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67650
    title Oracle Linux 4 / 5 : openldap (ELSA-2008-0110)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2009-006.NASL
    description The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2009-006 applied. This security update contains fixes for the following products : - AFP Client - Adaptive Firewall - Apache - Apache Portable Runtime - ATS - Certificate Assistant - CoreGraphics - CUPS - Dictionary - DirectoryService - Disk Images - Event Monitor - fetchmail - FTP Server - Help Viewer - International Components for Unicode - IOKit - IPSec - libsecurity - libxml - OpenLDAP - OpenSSH - PHP - QuickDraw Manager - QuickLook - FreeRADIUS - Screen Sharing - Spotlight - Subversion
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 42433
    published 2009-11-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42433
    title Mac OS X Multiple Vulnerabilities (Security Update 2009-006)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-1307.NASL
    description - Tue Feb 5 2008 Jan Safranek 2.3.34-6 - fix CVE-2007-6698 (#431409) - Mon Jan 14 2008 Jan Safranek 2.3.34-5 - fix default slurpd directory to /var/lib/ldap (#424831) - Fri Nov 2 2007 Jan Safranek 2.3.34-4 - fix various security flaws (#360081) - Fri Jul 13 2007 Jan Safranek 2.3.34-3 - Fix initscript return codes (#242667) - Provide overlays including smbk5pwd (as modules; #246036, #245896, #220895) - Add available modules to config file - do not create script in /tmp on startup (bz#188298) - add compat-slapcat to openldap-compat (bz#179378) - do not import ddp services with migrate_services.pl (bz#201183) - sort the hosts by address, preventing duplicities in migrate*nis*.pl (bz#201540) - start slupd for each replicated database (bz#210155) - add ldconfig to devel post/postun (bz#240253) - include misc.schema in default slapd.conf (bz#147805) - Mon Apr 23 2007 Jan Safranek 2.3.34-2 - slapadd during package update is now quiet (bz#224581) - use _localstatedir instead of var/ during build (bz#220970) - bind-libbind-devel removed from BuildRequires (bz#216851) - slaptest is now quiet during service ldap start, if there is no error/warning (bz#143697) - libldap_r.so now links with pthread (bz#198226) - do not strip binaries to produce correct .debuginfo packages (bz#152516) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 30236
    published 2008-02-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30236
    title Fedora 7 : openldap-2.3.34-6.fc7 (2008-1307)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-584-1.NASL
    description Jonathan Clarke discovered that the OpenLDAP slapd server did not properly handle modify requests when using the Berkeley DB backend and specifying the NOOP control. An authenticated user with modify permissions could send a crafted modify request and cause a denial of service via application crash. Ubuntu 7.10 is not affected by this issue. (CVE-2007-6698) Ralf Haferkamp discovered that the OpenLDAP slapd server did not properly handle modrdn requests when using the Berkeley DB backend and specifying the NOOP control. An authenticated user with modrdn permissions could send a crafted modrdn request and possibly cause a denial of service via application crash. (CVE-2007-6698). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 31406
    published 2008-03-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31406
    title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : openldap2.2, openldap2.3 vulnerabilities (USN-584-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0110.NASL
    description Updated openldap packages that fix security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols for accessing directory services. These updated openldap packages fix a flaw in the way the OpenLDAP slapd daemon handled modify and modrdn requests with NOOP control on objects stored in a Berkeley DB (BDB) storage backend. An authenticated attacker with permission to perform modify or modrdn operations on such LDAP objects could cause slapd to crash. (CVE-2007-6698, CVE-2008-0658) Users of openldap should upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 31159
    published 2008-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31159
    title RHEL 4 / 5 : openldap (RHSA-2008:0110)
oval via4
accepted 2013-04-29T04:08:20.485-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability.
family unix
id oval:org.mitre.oval:def:10748
status accepted
submitted 2010-07-09T03:56:16-04:00
title The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability.
version 24
redhat via4
advisories
rhsa
id RHSA-2008:0110
rpms
  • compat-openldap-0:2.1.30-8.el4_6.4
  • openldap-0:2.2.13-8.el4_6.4
  • openldap-clients-0:2.2.13-8.el4_6.4
  • openldap-devel-0:2.2.13-8.el4_6.4
  • openldap-servers-0:2.2.13-8.el4_6.4
  • openldap-servers-sql-0:2.2.13-8.el4_6.4
  • compat-openldap-0:2.3.27_2.2.29-8.el5_1.3
  • openldap-0:2.3.27-8.el5_1.3
  • openldap-clients-0:2.3.27-8.el5_1.3
  • openldap-devel-0:2.3.27-8.el5_1.3
  • openldap-servers-0:2.3.27-8.el5_1.3
  • openldap-servers-sql-0:2.3.27-8.el5_1.3
refmap via4
apple APPLE-SA-2009-11-09-1
bid 26245
bugtraq 20080212 rPSA-2008-0059-1 openldap openldap-clients openldap-servers
confirm
debian DSA-1541
fedora FEDORA-2008-1307
mandriva MDVSA-2008:058
mlist
  • [openldap-bugs] 20070411 (ITS#4925) Modify operation with NOOP control on a BDB backend causes slapd to crash
  • [openldap-bugs] 20070411 Re: (ITS#4925) Modify operation with NOOP control on a BDB backend causes slapd to crash
sectrack 1019480
secunia
  • 28817
  • 28953
  • 29068
  • 29225
  • 29256
  • 29682
  • 29957
suse SUSE-SR:2008:010
ubuntu USN-584-1
vupen ADV-2009-3184
Last major update 21-08-2010 - 00:00
Published 01-02-2008 - 17:00
Last modified 15-10-2018 - 17:56
Back to Top