Security alerts on OpenLDAP (CVE-2015-1545 / CVE-2015-1546) - openldap-devel - openldap.org

List overview All Threads
Download

Security alerts on OpenLDAP (CVE-2015-1545 / CVE-2015-1546)

Fwd: multiple sequential lmdb...

git.openldap.org (port 9418) (Name...

Clément OUDOT

23 Feb 2015 23 Feb '15

12:10 p.m.

Hi,

I saw today two CVE on OpenLDAP: * http://vigilance.fr/vulnerability/OpenLDAP-NULL-pointer-dereference-via-dere... * http://vigilance.fr/vulnerability/OpenLDAP-use-after-free-via-Matched-Values...

Don't know if they are reported in some ITS.

Clément OUDOT.

Reply

Show replies by date

Howard Chu

23 Feb 23 Feb

4:36 p.m.

Clément OUDOT wrote:

Hi,

I saw today two CVE on OpenLDAP:

http://vigilance.fr/vulnerability/OpenLDAP-NULL-pointer-dereference-via-dere...

http://vigilance.fr/vulnerability/OpenLDAP-use-after-free-via-Matched-Values...

Don't know if they are reported in some ITS.

That's because you're reading 2nd or 3rd-hand reports. Read the actual CVEs and you'll see that relevant ITSs already linked.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1545 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1546

Given that the deref overlay isn't even documented and is probably used by only a handful of OpenLDAP developers I don't believe it even merited a CVE record.

-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Reply

Clément OUDOT

11:59 p.m.

2015-02-24 1:36 GMT+01:00 Howard Chu hyc@symas.com:

Clément OUDOT wrote:

...
Hi,

I saw today two CVE on OpenLDAP:

http://vigilance.fr/vulnerability/OpenLDAP-NULL-pointer-dereference-via-dere...

http://vigilance.fr/vulnerability/OpenLDAP-use-after-free-via-Matched-Values...

Don't know if they are reported in some ITS.

That's because you're reading 2nd or 3rd-hand reports. Read the actual CVEs and you'll see that relevant ITSs already linked.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1545 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1546

Given that the deref overlay isn't even documented and is probably used by only a handful of OpenLDAP developers I don't believe it even merited a CVE record.

Agreed for the deref CVE, but I confirm that the matched values bug is present in 2.4.40 official version (and so in LTB packages). I saw that 2.4.41 was in preparation, any idea of a release date?

Clément.

Reply

Michael Ströder

24 Feb 24 Feb

1:47 a.m.

Howard Chu wrote:

Given that the deref overlay isn't even documented and is probably used by only a handful of OpenLDAP developers I don't believe it even merited a CVE record.

Hmm, not sure. Arthur de Jong implemented support for this control in nss-pam-ldapd a year ago [1] and IIRC also discussed it on the openldap-technical mailing list.

Ciao, Michael.

[1] http://arthurdejong.org/git/nss-pam-ldapd/tree/ChangeLog

[..] 2014-01-05 Arthur de Jong arthur@arthurdejong.org

* [c6c317e] : Implement deref control handling

This uses the LDAP_CONTROL_X_DEREF control as described in draft-masarati-ldap-deref-00 to request the LDAP server to dereference group member attribute values to uid attribute values. [..]

Reply

3559

Age (days ago)

3560

Last active (days ago)

openldap-devel@openldap.org

3 comments

3 participants

tags (0)

participants (3)

Clément OUDOT
Howard Chu
Michael Ströder