OpenLDAP "UTF8StringNormalize()" Off-by-One Denial of Service Vulnerability

Bug #884163 reported by Tibor Pittich
This bug affects 1 person
Affects            Status        Importance  Assigned to       Milestone
openldap (Ubuntu)  Fix Released  Medium      Jamie Strandboge
Hardy              Invalid       Medium      Unassigned
Lucid              Fix Released  Medium      Jamie Strandboge
Maverick           Fix Released  Medium      Jamie Strandboge
Natty              Fix Released  Medium      Jamie Strandboge
Oneiric            Fix Released  Medium      Jamie Strandboge
Precise            Fix Released  Medium      Jamie Strandboge

Bug Description

The vulnerability is caused by an off-by-one error in the "UTF8StringNormalize()" function when NULL terminating a string. This can be exploited to crash the daemon via e.g. an empty "postalAddressAttribute" value.

The fix has been in the Git repository since 6.Oct.2011 - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=507238713b71208ec4f262f312cb495a302df9e9

visibility: private → public
Changed in openldap (Ubuntu):
status: New → Confirmed
importance: Undecided → Medium
Changed in openldap (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in openldap (Ubuntu):
status: Confirmed → In Progress
Changed in openldap (Ubuntu Lucid):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in openldap (Ubuntu Maverick):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in openldap (Ubuntu Natty):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in openldap (Ubuntu Oneiric):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in openldap (Ubuntu Hardy):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Jamie Strandboge (jdstrand)
Jamie Strandboge (jdstrand) wrote :

Hardy's openldap2.3 does not have postalAddressValidate(), which is the only known function to pass UTF8StringNormalize() a 0 length string.
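
The failure mode this report describes (an off-by-one on the terminating NUL that only a 0-length value reaches) as an added example; it is not OpenLDAP's code or the Ubuntu patch. `put()`, `normalize()`, `run()`, the `legacy` flag, the all-space rule and the `len + 1` buffer sizing are assumptions made for illustration, and the flawed branch is caught by a bounds check rather than executed.

```c
#include <stddef.h>

/* Bounds-checked store: refuses the write instead of running past cap. */
static int put(char *out, size_t cap, size_t i, char c)
{
    if (i >= cap) return -1;
    out[i] = c;
    return 0;
}

/* Collapse runs of spaces and trim both ends of in[0..len) into out.
 * Returns the normalized length, or -1 if a write would land outside out.
 * legacy != 0 keeps the flawed branch (hypothetical): an empty input is
 * handled like an all-space input and emitted as " " plus NUL, 2 bytes. */
long normalize(const char *in, size_t len, char *out, size_t cap, int legacy)
{
    size_t n = 0;
    int pending = 0;              /* a space is owed before the next char */

    for (size_t i = 0; i < len; i++) {
        if (in[i] == ' ') { pending = (n > 0); continue; }
        if (pending && put(out, cap, n++, ' ') < 0) return -1;
        pending = 0;
        if (put(out, cap, n++, in[i]) < 0) return -1;
    }
    if (n == 0 && (len > 0 || legacy)) {
        /* an all-space value collapses to a single space */
        if (put(out, cap, n++, ' ') < 0) return -1;
    }
    if (put(out, cap, n, '\0') < 0) return -1;  /* terminator needs n < cap */
    return (long)n;
}

/* Constructed driver: the output buffer holds len + 1 bytes, the size a
 * caller picks when it assumes normalization never grows the value. */
long run(const char *in, size_t len, int legacy)
{
    char out[64];
    size_t cap = len + 1;
    if (cap > sizeof out) return -2;
    return normalize(in, len, out, cap, legacy);
}
```

With `legacy` set, the empty value is the only input whose result (2 bytes) exceeds `len + 1`, which is why the defect stays hidden until some caller passes a 0-length string.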

Changed in openldap (Ubuntu Hardy):
assignee: Jamie Strandboge (jdstrand) → nobody
status: In Progress → Invalid
Changed in openldap (Ubuntu Lucid):
status: In Progress → Fix Committed
Changed in openldap (Ubuntu Maverick):
status: In Progress → Fix Committed
Changed in openldap (Ubuntu Natty):
status: In Progress → Fix Committed
Changed in openldap (Ubuntu Precise):
status: In Progress → Fix Committed
Changed in openldap (Ubuntu Oneiric):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openldap - 2.4.25-3ubuntu2

---------------
openldap (2.4.25-3ubuntu2) precise; urgency=low

  * SECURITY UPDATE: potential denial of service (LP: #884163)
    - debian/patches/CVE-2011-4079: fix off by one error in
      postalAddressNormalize()
    - CVE-2011-4079
 -- Jamie Strandboge <email address hidden> Mon, 14 Nov 2011 13:59:56 -0600

Changed in openldap (Ubuntu Precise):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openldap - 2.4.25-1.1ubuntu4.1

---------------
openldap (2.4.25-1.1ubuntu4.1) oneiric-security; urgency=low

  * SECURITY UPDATE: potential denial of service (LP: #884163)
    - debian/patches/CVE-2011-4079: fix off by one error in
      postalAddressNormalize()
    - CVE-2011-4079
 -- Jamie Strandboge <email address hidden> Mon, 14 Nov 2011 13:22:54 -0600

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openldap - 2.4.23-6ubuntu6.1

---------------
openldap (2.4.23-6ubuntu6.1) natty-security; urgency=low

  * SECURITY UPDATE: potential denial of service (LP: #884163)
    - debian/patches/CVE-2011-4079: fix off by one error in
      postalAddressNormalize()
    - CVE-2011-4079
 -- Jamie Strandboge <email address hidden> Mon, 14 Nov 2011 13:29:39 -0600

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openldap - 2.4.23-0ubuntu3.7

---------------
openldap (2.4.23-0ubuntu3.7) maverick-security; urgency=low

  * SECURITY UPDATE: potential denial of service (LP: #884163)
    - debian/patches/CVE-2011-4079: fix off by one error in
      postalAddressNormalize()
    - CVE-2011-4079
 -- Jamie Strandboge <email address hidden> Mon, 14 Nov 2011 13:30:50 -0600

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openldap - 2.4.21-0ubuntu5.6

---------------
openldap (2.4.21-0ubuntu5.6) lucid-security; urgency=low

  * SECURITY UPDATE: potential denial of service (LP: #884163)
    - debian/patches/CVE-2011-4079: fix off by one error in
      postalAddressNormalize()
    - CVE-2011-4079
 -- Jamie Strandboge <email address hidden> Mon, 14 Nov 2011 13:32:11 -0600

Changed in openldap (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in openldap (Ubuntu Maverick):
status: Fix Committed → Fix Released
Changed in openldap (Ubuntu Natty):
status: Fix Committed → Fix Released
Changed in openldap (Ubuntu Oneiric):
status: Fix Committed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
