ID CVE-2017-9287
Summary servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.
References
Vulnerable Configurations
  • cpe:2.3:a:openldap:openldap:2.4.44
CVSS
Base: 4.0
Impact:
Exploitability:
CWE CWE-415
CAPEC
nessus via4
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1201.NASL
    description According to the version of the openldap packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A double-free flaw was found in the way OpenLDAP's slapd server using the MDB backend handled LDAP searches. A remote attacker with access to search the directory could potentially use this flaw to crash slapd by issuing a specially crafted LDAP search query. (CVE-2017-9287) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-08-10
    plugin id 103059
    published 2017-09-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103059
    title EulerOS 2.0 SP1 : openldap (EulerOS-SA-2017-1201)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2017-1852.NASL
    description An update for openldap is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap packages contain configuration files, libraries, and documentation for OpenLDAP. The following packages have been upgraded to a later upstream version: openldap (2.4.44). (BZ#1386365) Security Fix(es) : * A double-free flaw was found in the way OpenLDAP's slapd server using the MDB backend handled LDAP searches. A remote attacker with access to search the directory could potentially use this flaw to crash slapd by issuing a specially crafted LDAP search query. (CVE-2017-9287) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
    last seen 2018-09-01
    modified 2018-07-03
    plugin id 102735
    published 2017-08-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102735
    title CentOS 7 : openldap (CESA-2017:1852)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3868.NASL
    description Karsten Heymann discovered that the OpenLDAP directory server can be crashed by performing a paged search with a page size of 0, resulting in denial of service. This vulnerability is limited to the MDB storage backend.
    last seen 2018-09-01
    modified 2018-07-11
    plugin id 100522
    published 2017-05-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100522
    title Debian DSA-3868-1 : openldap - security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-1CA18683E4.NASL
    description Security fix for CVE-2017-9287 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-02
    modified 2018-02-01
    plugin id 101795
    published 2017-07-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101795
    title Fedora 25 : openldap (2017-1ca18683e4)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-1852.NASL
    description From Red Hat Security Advisory 2017:1852 : An update for openldap is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap packages contain configuration files, libraries, and documentation for OpenLDAP. The following packages have been upgraded to a later upstream version: openldap (2.4.44). (BZ#1386365) Security Fix(es) : * A double-free flaw was found in the way OpenLDAP's slapd server using the MDB backend handled LDAP searches. A remote attacker with access to search the directory could potentially use this flaw to crash slapd by issuing a specially crafted LDAP search query. (CVE-2017-9287) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
    last seen 2018-09-01
    modified 2018-07-25
    plugin id 102282
    published 2017-08-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102282
    title Oracle Linux 7 : openldap (ELSA-2017-1852)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1567-1.NASL
    description This update for openldap2 fixes the following issues: Security issues fixed : - CVE-2017-9287: A double free vulnerability in the mdb backend during search with page size 0 was fixed (bsc#1041764) Non security bugs fixed : - Let OpenLDAP read system-wide certificates by default and don't hide the error if the user-specified CA location cannot be read. (bsc#1009470) - Fix an uninitialised variable that causes startup failure (bsc#1037396) - Fix an issue with transaction management that can cause server crash (bsc#972331) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-02
    modified 2018-08-02
    plugin id 100803
    published 2017-06-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100803
    title SUSE SLED12 / SLES12 Security Update : openldap2 (SUSE-SU-2017:1567-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3307-1.NASL
    description Karsten Heymann discovered that OpenLDAP incorrectly handled certain search requests. A remote attacker could use this issue to cause slapd to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-02
    modified 2018-08-06
    plugin id 100591
    published 2017-06-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100591
    title Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : openldap vulnerability (USN-3307-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-972.NASL
    description It was discovered that there was a double-free vulnerability in the 'openldap' LDAP server. A user with access to search the directory could crash slapd by issuing a search requesting a 'Paged Results' value set to zero. For Debian 7 'Wheezy', this issue has been fixed in openldap version 2.4.31-2+deb7u3. We recommend that you upgrade your openldap packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-07-10
    plugin id 100576
    published 2017-06-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100576
    title Debian DLA-972-1 : openldap security update
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1202.NASL
    description According to the version of the openldap packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A double-free flaw was found in the way OpenLDAP's slapd server using the MDB backend handled LDAP searches. A remote attacker with access to search the directory could potentially use this flaw to crash slapd by issuing a specially crafted LDAP search query. (CVE-2017-9287) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-08-10
    plugin id 103060
    published 2017-09-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103060
    title EulerOS 2.0 SP2 : openldap (EulerOS-SA-2017-1202)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2017-0024.NASL
    description An update of [ncurses,openldap,libxml2,ruby] packages for PhotonOS has been released.
    last seen 2018-09-02
    modified 2018-08-17
    plugin id 111873
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111873
    title Photon OS 1.0: Libxml2 / Ncurses / Openldap / Ruby PHSA-2017-0024
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-936.NASL
    description This update for openldap2 fixes the following issues : - Let OpenLDAP read system wide certificate directory by default and avoid hiding the error if user specified CA location cannot be read (boo#1009470). - Fix CVE-2017-9287: openldap2: Double free vulnerability with patch (boo#1041764) - Fix an uninitialized variable that causes startup failure (boo#1037396) - Fix a regression in handling of non-blocking connection with (boo#1031702)
    last seen 2018-09-02
    modified 2018-01-26
    plugin id 102555
    published 2017-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102555
    title openSUSE Security Update : openldap2 (openSUSE-2017-936)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-1852.NASL
    description An update for openldap is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap packages contain configuration files, libraries, and documentation for OpenLDAP. The following packages have been upgraded to a later upstream version: openldap (2.4.44). (BZ#1386365) Security Fix(es) : * A double-free flaw was found in the way OpenLDAP's slapd server using the MDB backend handled LDAP searches. A remote attacker with access to search the directory could potentially use this flaw to crash slapd by issuing a specially crafted LDAP search query. (CVE-2017-9287) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
    last seen 2018-09-07
    modified 2018-09-06
    plugin id 102144
    published 2017-08-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102144
    title RHEL 7 : openldap (RHSA-2017:1852)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20170801_OPENLDAP_ON_SL7_X.NASL
    description The following packages have been upgraded to a later upstream version: openldap (2.4.44). Security Fix(es) : - A double-free flaw was found in the way OpenLDAP's slapd server using the MDB backend handled LDAP searches. A remote attacker with access to search the directory could potentially use this flaw to crash slapd by issuing a specially crafted LDAP search query. (CVE-2017-9287)
    last seen 2018-09-01
    modified 2018-01-26
    plugin id 102649
    published 2017-08-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102649
    title Scientific Linux Security Update : openldap on SL7.x x86_64
redhat via4
advisories
bugzilla
id 1456712
title CVE-2017-9287 openldap: Double free vulnerability in servers/slapd/back-mdb/search.c
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhsa:tst:20140675001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhsa:tst:20140675002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20140675003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20140675004
  • OR
    • AND
      • comment openldap is earlier than 0:2.4.44-5.el7
        oval oval:com.redhat.rhsa:tst:20171852013
      • comment openldap is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110347006
    • AND
      • comment openldap-clients is earlier than 0:2.4.44-5.el7
        oval oval:com.redhat.rhsa:tst:20171852007
      • comment openldap-clients is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110347016
    • AND
      • comment openldap-devel is earlier than 0:2.4.44-5.el7
        oval oval:com.redhat.rhsa:tst:20171852005
      • comment openldap-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110347008
    • AND
      • comment openldap-servers is earlier than 0:2.4.44-5.el7
        oval oval:com.redhat.rhsa:tst:20171852011
      • comment openldap-servers is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110347012
    • AND
      • comment openldap-servers-sql is earlier than 0:2.4.44-5.el7
        oval oval:com.redhat.rhsa:tst:20171852009
      • comment openldap-servers-sql is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110347014
rhsa
id RHSA-2017:1852
released 2017-08-01
severity Moderate
title RHSA-2017:1852: openldap security, bug fix, and enhancement update (Moderate)
rpms
  • openldap-0:2.4.44-5.el7
  • openldap-clients-0:2.4.44-5.el7
  • openldap-devel-0:2.4.44-5.el7
  • openldap-servers-0:2.4.44-5.el7
  • openldap-servers-sql-0:2.4.44-5.el7
refmap via4
bid 98736
confirm
debian DSA-3868
sectrack 1038591
Last major update 29-05-2017 - 12:29
Published 29-05-2017 - 12:29
Last modified 04-01-2018 - 21:31