Launchpad CVE tracker

CVE 2008-0658

slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698.

Related bugs and status

CVE-2008-0658 (Candidate) is related to these bugs:

Bug #191563: [hardy] slapd CLEARTEXT password migration issue

Summary				In	Importance	Status
	191563	[hardy] slapd CLEARTEXT password migration issue		openldap2.3 (Ubuntu)	Medium	Fix Released

Bug #197077: 6.06 LTS: CVE-2007-6698, CVE-2008-0658

		In	Importance	Status
197077	6.06 LTS: CVE-2007-6698, CVE-2008-0658	openldap2.2 (Ubuntu)	Medium	Fix Released
197077	6.06 LTS: CVE-2007-6698, CVE-2008-0658	openldap2.2 (Ubuntu Gutsy)	Medium	Fix Released
197077	6.06 LTS: CVE-2007-6698, CVE-2008-0658	openldap2.2 (Ubuntu Feisty)	Medium	Fix Released
197077	6.06 LTS: CVE-2007-6698, CVE-2008-0658	openldap2.2 (Ubuntu Edgy)	Undecided	Fix Released
197077	6.06 LTS: CVE-2007-6698, CVE-2008-0658	openldap2.2 (Ubuntu Dapper)	Undecided	Fix Released
197077	6.06 LTS: CVE-2007-6698, CVE-2008-0658	openldap2.2 (Ubuntu Hardy)	Medium	Fix Released

Bug #215904: [SRU] (ITS#5518) Assertion error in io.c:234: ber_flush2

		In	Importance	Status
215904	[SRU] (ITS#5518) Assertion error in io.c:234: ber_flush2	openldap2.3 (Ubuntu)	Undecided	Fix Released
215904	[SRU] (ITS#5518) Assertion error in io.c:234: ber_flush2	openldap2.3 (Debian)	Unknown	Fix Released
215904	[SRU] (ITS#5518) Assertion error in io.c:234: ber_flush2	openldap2.3 (Ubuntu Hardy)	Undecided	Fix Released
215904	[SRU] (ITS#5518) Assertion error in io.c:234: ber_flush2	openldap2.3 (Ubuntu Intrepid)	Undecided	Fix Released

Bug #220724: [SRU] Assertion error in schema_init.c:366: octetStringIndexer

		In	Importance	Status
220724	[SRU] Assertion error in schema_init.c:366: octetStringIndexer	openldap2.3 (Ubuntu)	Undecided	Fix Released
220724	[SRU] Assertion error in schema_init.c:366: octetStringIndexer	openldap2.3 (Debian)	Unknown	Fix Released
220724	[SRU] Assertion error in schema_init.c:366: octetStringIndexer	openldap2.3 (Ubuntu Hardy)	Undecided	Fix Released
220724	[SRU] Assertion error in schema_init.c:366: octetStringIndexer	openldap2.3 (Ubuntu Intrepid)	Undecided	Fix Released

Bug #234196: [SRU] dnPrettyNormal: Assertion `pretty != ((void *)0)' failed.

		In	Importance	Status
234196	[SRU] dnPrettyNormal: Assertion `pretty != ((void *)0)' failed.	openldap2.3 (Ubuntu)	Undecided	Fix Released
234196	[SRU] dnPrettyNormal: Assertion `pretty != ((void *)0)' failed.	openldap2.3 (Ubuntu Hardy)	Undecided	Fix Released
234196	[SRU] dnPrettyNormal: Assertion `pretty != ((void *)0)' failed.	openldap2.3 (Ubuntu Intrepid)	Undecided	Fix Released

Bug #239184: evolution-exchange-storage crash in e2k_global_catalog_lookup and ber_flush2

Summary				In	Importance	Status
	239184	evolution-exchange-storage crash in e2k_global_catalog_lookup and ber_flush2		evolution-exchange (Ubuntu)	Undecided	Invalid
	239184	evolution-exchange-storage crash in e2k_global_catalog_lookup and ber_flush2		openldap2.3 (Ubuntu)	Undecided	Invalid

Bug #244925: slapd reports wrong ssf using gnutls

		In	Importance	Status
244925	slapd reports wrong ssf using gnutls	openldap2.3 (Ubuntu)	Medium	Fix Released
244925	slapd reports wrong ssf using gnutls	openldap2.3 (Debian)	Unknown	Fix Released
244925	slapd reports wrong ssf using gnutls	openldap2.3 (Ubuntu Hardy)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2008-0658

References