ID CVE-2008-0658
Summary slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698.
References
Vulnerable Configurations
  • cpe:2.3:a:openldap:openldap:2.3.39
    cpe:2.3:a:openldap:openldap:2.3.39
CVSS
Base: 4.0 (as of 14-02-2008 - 12:05)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
exploit-db via4
description OpenLDAP 2.3.39 MODRDN Remote Denial of Service Vulnerability. CVE-2008-0658. Dos exploit for linux platform
id EDB-ID:31190
last seen 2016-02-03
modified 2008-02-13
published 2008-02-13
reporter Ralf Haferkamp
source https://www.exploit-db.com/download/31190/
title OpenLDAP 2.3.39 MODRDN Remote Denial of Service Vulnerability
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1541.NASL
    description Several remote vulnerabilities have been discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-5707 Thomas Sesselmann discovered that slapd could be crashed by a malformed modify requests. - CVE-2007-5708 Toby Blade discovered that incorrect memory handling in slapo-pcache could lead to denial of service through crafted search requests. - CVE-2007-6698 It was discovered that a programming error in the interface to the BDB storage backend could lead to denial of service through crafted modify requests. - CVE-2008-0658 It was discovered that a programming error in the interface to the BDB storage backend could lead to denial of service through crafted modrdn requests.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 31811
    published 2008-04-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31811
    title Debian DSA-1541-1 : openldap2.3 - several vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_OPENLDAP2-4989.NASL
    description Authenticated users could crash the LDAP server 'slapd' via the 'NOOP' command. (CVE-2007-6698 / CVE-2008-0658)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 32078
    published 2008-04-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32078
    title SuSE 10 Security Update : OpenLDAP 2 (ZYPP Patch Number 4989)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_OPENLDAP2-4999.NASL
    description Authenticated users could crash the LDAP server 'slapd' via the 'NOOP' command (CVE-2007-6698,CVE-2008-0658)
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 32079
    published 2008-04-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32079
    title openSUSE 10 Security Update : openldap2 (openldap2-4999)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-058.NASL
    description A vulnerability was found in slapo-pcache in slapd of OpenLDAP prior to 2.3.39 when running as a proxy-caching server. It would allocate memory using a malloc variant rather than calloc, which prevented an array from being properly initialized and could possibly allow attackers to cause a denial of service (CVE-2007-5708). Two vulnerabilities were found in how slapd handled modify (prior to 2.3.26) and modrdn (prior to 2.3.29) requests with NOOP control on objects stored in the BDB backend. An authenticated user with permission to perform modify (CVE-2007-6698) or modrdn (CVE-2008-0658) operations could cause slapd to crash. The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 37371
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37371
    title Mandriva Linux Security Advisory : openldap (MDVSA-2008:058)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200803-28.NASL
    description The remote host is affected by the vulnerability described in GLSA-200803-28 (OpenLDAP: Denial of Service vulnerabilities) The following errors have been discovered in OpenLDAP: Tony Blake discovered an error which exists within the normalisation of 'objectClasses' (CVE-2007-5707). Thomas Sesselmann reported that, when running as a proxy-caching server the 'add_filter_attrs()' function in servers/slapd/overlay/pcache.c does not correctly NULL terminate 'new_attrs' (CVE-2007-5708). A double-free bug exists in attrs_free() in the file servers/slapd/back-bdb/modrdn.c, which was discovered by Jonathan Clarke (CVE-2008-0658). Impact : A remote attacker can cause a Denial of Serivce by sending a malformed 'objectClasses' attribute, and via unknown vectors that prevent the 'new_attrs' array from being NULL terminated, and via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 31634
    published 2008-03-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31634
    title GLSA-200803-28 : OpenLDAP: Denial of Service vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-1616.NASL
    description - Fri Feb 8 2008 Jan Safranek 2.3.34-7 - fix CVE-2008-0658 (#432012) - Tue Feb 5 2008 Jan Safranek 2.3.34-6 - fix CVE-2007-6698 (#431409) - Mon Jan 14 2008 Jan Safranek 2.3.34-5 - fix default slurpd directory to /var/lib/ldap (#424831) - Fri Nov 2 2007 Jan Safranek 2.3.34-4 - fix various security flaws (#360081) - Fri Jul 13 2007 Jan Safranek 2.3.34-3 - Fix initscript return codes (#242667) - Provide overlays including smbk5pwd (as modules; #246036, #245896, #220895) - Add available modules to config file - do not create script in /tmp on startup (bz#188298) - add compat-slapcat to openldap-compat (bz#179378) - do not import ddp services with migrate_services.pl (bz#201183) - sort the hosts by address, preventing duplicities in migrate*nis*.pl (bz#201540) - start slupd for each replicated database (bz#210155) - add ldconfig to devel post/postun (bz#240253) - include misc.schema in default slapd.conf (bz#147805) - Mon Apr 23 2007 Jan Safranek 2.3.34-2 - slapadd during package update is now quiet (bz#224581) - use _localstatedir instead of var/ during build (bz#220970) - bind-libbind-devel removed from BuildRequires (bz#216851) - slaptest is now quiet during service ldap start, if there is no error/warning (bz#143697) - libldap_r.so now links with pthread (bz#198226) - do not strip binaries to produce correct .debuginfo packages (bz#152516) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 31076
    published 2008-02-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31076
    title Fedora 7 : openldap-2.3.34-7.fc7 (2008-1616)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080221_OPENLDAP_ON_SL4_X.NASL
    description These updated openldap packages fix a flaw in the way the OpenLDAP slapd daemon handled modify and modrdn requests with NOOP control on objects stored in a Berkeley DB (BDB) storage backend. An authenticated attacker with permission to perform modify or modrdn operations on such LDAP objects could cause slapd to crash. (CVE-2007-6698, CVE-2008-0658)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60361
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60361
    title Scientific Linux Security Update : openldap on SL4.x, SL5.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12075.NASL
    description Authenticated users could crash the LDAP server 'slapd' via the 'NOOP' command. (CVE-2007-6698 / CVE-2008-0658)
    last seen 2019-02-21
    modified 2012-04-23
    plugin id 41197
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41197
    title SuSE9 Security Update : OpenLDAP 2 (YOU Patch Number 12075)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0110.NASL
    description Updated openldap packages that fix security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols for accessing directory services. These updated openldap packages fix a flaw in the way the OpenLDAP slapd daemon handled modify and modrdn requests with NOOP control on objects stored in a Berkeley DB (BDB) storage backend. An authenticated attacker with permission to perform modify or modrdn operations on such LDAP objects could cause slapd to crash. (CVE-2007-6698, CVE-2008-0658) Users of openldap should upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 31138
    published 2008-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31138
    title CentOS 4 / 5 : openldap (CESA-2008:0110)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0110.NASL
    description From Red Hat Security Advisory 2008:0110 : Updated openldap packages that fix security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols for accessing directory services. These updated openldap packages fix a flaw in the way the OpenLDAP slapd daemon handled modify and modrdn requests with NOOP control on objects stored in a Berkeley DB (BDB) storage backend. An authenticated attacker with permission to perform modify or modrdn operations on such LDAP objects could cause slapd to crash. (CVE-2007-6698, CVE-2008-0658) Users of openldap should upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 67650
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67650
    title Oracle Linux 4 / 5 : openldap (ELSA-2008-0110)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2009-006.NASL
    description The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2009-006 applied. This security update contains fixes for the following products : - AFP Client - Adaptive Firewall - Apache - Apache Portable Runtime - ATS - Certificate Assistant - CoreGraphics - CUPS - Dictionary - DirectoryService - Disk Images - Event Monitor - fetchmail - FTP Server - Help Viewer - International Components for Unicode - IOKit - IPSec - libsecurity - libxml - OpenLDAP - OpenSSH - PHP - QuickDraw Manager - QuickLook - FreeRADIUS - Screen Sharing - Spotlight - Subversion
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 42433
    published 2009-11-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42433
    title Mac OS X Multiple Vulnerabilities (Security Update 2009-006)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-1568.NASL
    description - Fri Feb 8 2008 Jan Safranek 2.3.39-2 - fix CVE-2008-0658 (#432013) - Mon Jan 14 2008 Jan Safranek 2.3.39-2 - fix default slurpd directory to /var/lib/ldap (#424831) - Fri Nov 2 2007 Jan Safranek 2.3.39-1 - new upstream version, fixing few security flaws (#362991) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 31071
    published 2008-02-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31071
    title Fedora 8 : openldap-2.3.39-3.fc8 (2008-1568)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_E5D29309E0DB11DC97B2001C2514716C.NASL
    description Secunia Advisory reports : A vulnerability has been reported in OpenLDAP, which can be exploited by malicious users to cause a DoS (Denial of Service).
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 31156
    published 2008-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31156
    title FreeBSD : openldap -- modrdn Denial of Service vulnerability (e5d29309-e0db-11dc-97b2-001c2514716c)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-584-1.NASL
    description Jonathan Clarke discovered that the OpenLDAP slapd server did not properly handle modify requests when using the Berkeley DB backend and specifying the NOOP control. An authenticated user with modify permissions could send a crafted modify request and cause a denial of service via application crash. Ubuntu 7.10 is not affected by this issue. (CVE-2007-6698) Ralf Haferkamp discovered that the OpenLDAP slapd server did not properly handle modrdn requests when using the Berkeley DB backend and specifying the NOOP control. An authenticated user with modrdn permissions could send a crafted modrdn request and possibly cause a denial of service via application crash. (CVE-2007-6698). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 31406
    published 2008-03-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31406
    title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : openldap2.2, openldap2.3 vulnerabilities (USN-584-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0110.NASL
    description Updated openldap packages that fix security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols for accessing directory services. These updated openldap packages fix a flaw in the way the OpenLDAP slapd daemon handled modify and modrdn requests with NOOP control on objects stored in a Berkeley DB (BDB) storage backend. An authenticated attacker with permission to perform modify or modrdn operations on such LDAP objects could cause slapd to crash. (CVE-2007-6698, CVE-2008-0658) Users of openldap should upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 31159
    published 2008-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31159
    title RHEL 4 / 5 : openldap (RHSA-2008:0110)
oval via4
accepted 2013-04-29T04:19:37.578-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698.
family unix
id oval:org.mitre.oval:def:9470
status accepted
submitted 2010-07-09T03:56:16-04:00
title slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698.
version 24
redhat via4
advisories
bugzilla
id 432008
title CVE-2008-0658 openldap: slapd crash on modrdn operation with NOOP control on entry in bdb storage
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhsa:tst:20060016001
    • OR
      • AND
        • comment compat-openldap is earlier than 0:2.1.30-8.el4_6.4
          oval oval:com.redhat.rhsa:tst:20080110004
        • comment compat-openldap is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070310013
      • AND
        • comment openldap is earlier than 0:2.2.13-8.el4_6.4
          oval oval:com.redhat.rhsa:tst:20080110002
        • comment openldap is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070310003
      • AND
        • comment openldap-clients is earlier than 0:2.2.13-8.el4_6.4
          oval oval:com.redhat.rhsa:tst:20080110006
        • comment openldap-clients is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070310007
      • AND
        • comment openldap-devel is earlier than 0:2.2.13-8.el4_6.4
          oval oval:com.redhat.rhsa:tst:20080110010
        • comment openldap-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070310009
      • AND
        • comment openldap-servers is earlier than 0:2.2.13-8.el4_6.4
          oval oval:com.redhat.rhsa:tst:20080110012
        • comment openldap-servers is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070310005
      • AND
        • comment openldap-servers-sql is earlier than 0:2.2.13-8.el4_6.4
          oval oval:com.redhat.rhsa:tst:20080110008
        • comment openldap-servers-sql is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070310011
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment compat-openldap is earlier than 0:2.3.27_2.2.29-8.el5_1.3
          oval oval:com.redhat.rhsa:tst:20080110021
        • comment compat-openldap is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20071037011
      • AND
        • comment openldap is earlier than 0:2.3.27-8.el5_1.3
          oval oval:com.redhat.rhsa:tst:20080110015
        • comment openldap is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20071037003
      • AND
        • comment openldap-clients is earlier than 0:2.3.27-8.el5_1.3
          oval oval:com.redhat.rhsa:tst:20080110017
        • comment openldap-clients is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20071037005
      • AND
        • comment openldap-devel is earlier than 0:2.3.27-8.el5_1.3
          oval oval:com.redhat.rhsa:tst:20080110023
        • comment openldap-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20071037009
      • AND
        • comment openldap-servers is earlier than 0:2.3.27-8.el5_1.3
          oval oval:com.redhat.rhsa:tst:20080110025
        • comment openldap-servers is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20071037007
      • AND
        • comment openldap-servers-sql is earlier than 0:2.3.27-8.el5_1.3
          oval oval:com.redhat.rhsa:tst:20080110019
        • comment openldap-servers-sql is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20071037013
rhsa
id RHSA-2008:0110
released 2008-02-21
severity Moderate
title RHSA-2008:0110: openldap security update (Moderate)
rpms
  • compat-openldap-0:2.1.30-8.el4_6.4
  • openldap-0:2.2.13-8.el4_6.4
  • openldap-clients-0:2.2.13-8.el4_6.4
  • openldap-devel-0:2.2.13-8.el4_6.4
  • openldap-servers-0:2.2.13-8.el4_6.4
  • openldap-servers-sql-0:2.2.13-8.el4_6.4
  • compat-openldap-0:2.3.27_2.2.29-8.el5_1.3
  • openldap-0:2.3.27-8.el5_1.3
  • openldap-clients-0:2.3.27-8.el5_1.3
  • openldap-devel-0:2.3.27-8.el5_1.3
  • openldap-servers-0:2.3.27-8.el5_1.3
  • openldap-servers-sql-0:2.3.27-8.el5_1.3
refmap via4
apple APPLE-SA-2009-11-09-1
bid 27778
bugtraq 20080212 rPSA-2008-0059-1 openldap openldap-clients openldap-servers
confirm
debian DSA-1541
gentoo GLSA-200803-28
mandriva MDVSA-2008:058
sectrack 1019481
secunia
  • 28914
  • 28926
  • 28953
  • 29068
  • 29225
  • 29256
  • 29461
  • 29682
  • 29957
suse SUSE-SR:2008:010
ubuntu USN-584-1
vupen
  • ADV-2008-0536
  • ADV-2009-3184
xf openldap-modrdn-dos(40479)
Last major update 07-03-2011 - 22:05
Published 13-02-2008 - 16:00
Last modified 15-10-2018 - 18:02
Back to Top