CVE-2007-6698
published 2008-02-01CVE-2007-6698: The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify…
PriorityP414medium4CVSS 2.0
AVNACLAuSCNINAP
EXPLOIT
EPSS
2.04%
78.8th percentile
The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openldap | openldap | <= 2.3.35 | — |
| openldap | openldap | — | — |
CVSS provenance
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:N/I:N/A:P
vendor_redhat4.0MEDIUM
vendor_ubuntu4.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
OpenLDAP vulnerabilities
vendor_ubuntu·2008-03-05·CVSS 4.0
CVE-2007-6698 [MEDIUM] OpenLDAP vulnerabilities
Title: OpenLDAP vulnerabilities
Summary: OpenLDAP vulnerabilities
Jonathan Clarke discovered that the OpenLDAP slapd server did not
properly handle modify requests when using the Berkeley DB backend
and specifying the NOOP control. An authenticated user with modify
permissions could send a crafted modify request and cause a denial
of service via application crash. Ubuntu 7.10 is not affected by
this issue. (CVE-2007-6698)
Ralf Haferkamp discovered that the OpenLDAP slapd server did not
properly handle modrdn requests when using the Berkeley DB backend
and specifying the NOOP control. An authenticated user with modrdn
permissions could send a crafted modrdn request and possibly cause a
denial of service via application crash. (CVE-2007-6698)
Instructions: In general, a standard system u
Red Hat
openldap: slapd crash on modrdn operation with NOOP control on entry in bdb storage
vendor_redhat·2008-02-07·CVSS 4.0
CVE-2008-0658 [MEDIUM] openldap: slapd crash on modrdn operation with NOOP control on entry in bdb storage
openldap: slapd crash on modrdn operation with NOOP control on entry in bdb storage
slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698.
Red Hat
openldap: slapd crash on NOOP control operation on entry in bdb storage
vendor_redhat·2007-04-11·CVSS 4.0
CVE-2007-6698 [MEDIUM] openldap: slapd crash on NOOP control operation on entry in bdb storage
openldap: slapd crash on NOOP control operation on entry in bdb storage
The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability.
GHSA
GHSA-8qj7-7p8r-jhqj: slapd/back-bdb/modrdn
ghsa_unreviewed·2022-05-01·CVSS 4.0
CVE-2008-0658 [MEDIUM] GHSA-8qj7-7p8r-jhqj: slapd/back-bdb/modrdn
slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698.
GHSA
GHSA-9xcf-r85j-w8gv: The BDB backend for slapd in OpenLDAP before 2
ghsa_unreviewed·2022-05-01
CVE-2007-6698 [MEDIUM] GHSA-9xcf-r85j-w8gv: The BDB backend for slapd in OpenLDAP before 2
The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability.
No detection rules found.
Bugzilla
CVE-2008-0658 openldap: slapd crash on modrdn operation with NOOP control on entry in bdb storage
bugzilla·2008-02-08·CVSS 4.0
CVE-2008-0658 [MEDIUM] CVE-2008-0658 openldap: slapd crash on modrdn operation with NOOP control on entry in bdb storage
CVE-2008-0658 openldap: slapd crash on modrdn operation with NOOP control on entry in bdb storage
While preparing the patch for CVE-2007-6698 (issue allowing slapd daemon crash
using modify requests with NOOP control, tracked via bug bug #431203), it was
discovered, that similar crash can be achieved using modrdn operation with NOOP
control.
Upstream bug report:
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358
Patch applied in upstream CVS:
http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-bdb/modrdn.c.diff?r1=1.197&r2=1.198&f=h
Discussion:
Similar to CVE-2007-6698, this issue does not affect OpenLDAP packages as
shipped in Red Hat Enterprise Linux 2.1 and 3, as they do not support NOOP
controls. Packages shipped in Red Hat Enterprise Linux 4 and 5 are affected.
Bugzilla
CVE-2007-6698 openldap: slapd crash on NOOP control operation on entry in bdb storage
bugzilla·2008-02-01·CVSS 4.0
CVE-2007-6698 [MEDIUM] CVE-2007-6698 openldap: slapd crash on NOOP control operation on entry in bdb storage
CVE-2007-6698 openldap: slapd crash on NOOP control operation on entry in bdb storage
It was discovered that modify operation with NOOP control on an entry stored in
BDB backed can cause OpenLDAP's slapd daemon to crash. Further details and
patch can be found in upstream bug / CVS:
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4925
http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-bdb/modify.c.diff?r1=1.124.2.16&r2=1.124.2.17&f=h
NOOP control was introduced in OpenLDAP 2.1 branch as documented on roadmap page:
http://www.openldap.org/software/roadmap.html
This issue was fixed upstream in version 2.3.36:
http://www.openldap.org/devel/cvsweb.cgi/~checkout~/Attic/CHANGES?rev=1.5.8.414
Discussion:
This issue does not affect OpenLDAP packages as shipped in Red Hat
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.htmlhttp://secunia.com/advisories/28817http://secunia.com/advisories/28953http://secunia.com/advisories/29068http://secunia.com/advisories/29225http://secunia.com/advisories/29256http://secunia.com/advisories/29682http://secunia.com/advisories/29957http://support.apple.com/kb/HT3937http://wiki.rpath.com/Advisories:rPSA-2008-0059http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0059http://www.debian.org/security/2008/dsa-1541http://www.mandriva.com/security/advisories?name=MDVSA-2008:058http://www.openldap.org/lists/openldap-bugs/200704/msg00067.htmlhttp://www.openldap.org/lists/openldap-bugs/200704/msg00068.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0110.htmlhttp://www.securityfocus.com/archive/1/488242/100/200/threadedhttp://www.securityfocus.com/bid/26245http://www.securitytracker.com/id?1019480http://www.ubuntu.com/usn/usn-584-1http://www.vupen.com/english/advisories/2009/3184https://bugzilla.redhat.com/show_bug.cgi?id=431203https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10748https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00105.htmlhttp://lists.apple.com/archives/security-announce/2009/Nov/msg00000.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.htmlhttp://secunia.com/advisories/28817http://secunia.com/advisories/28953http://secunia.com/advisories/29068http://secunia.com/advisories/29225http://secunia.com/advisories/29256http://secunia.com/advisories/29682http://secunia.com/advisories/29957http://support.apple.com/kb/HT3937http://wiki.rpath.com/Advisories:rPSA-2008-0059http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0059http://www.debian.org/security/2008/dsa-1541http://www.mandriva.com/security/advisories?name=MDVSA-2008:058http://www.openldap.org/lists/openldap-bugs/200704/msg00067.htmlhttp://www.openldap.org/lists/openldap-bugs/200704/msg00068.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0110.htmlhttp://www.securityfocus.com/archive/1/488242/100/200/threadedhttp://www.securityfocus.com/bid/26245http://www.securitytracker.com/id?1019480http://www.ubuntu.com/usn/usn-584-1http://www.vupen.com/english/advisories/2009/3184https://bugzilla.redhat.com/show_bug.cgi?id=431203https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10748https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00105.html
2008-02-01
Published