CVE-2001-0977 - Denial of Service vulnerability in OpenLDAP
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: NONE
- Availability impact: PARTIAL

Summary
slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field.
Vulnerable Configurations
Nessus
- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-068.NASL
- description: The CERT advisory lists a number of vulnerabilities in various LDAP implementations, based on the results of the PROTOS LDAPv3 test suite. These tests found one problem in OpenLDAP, a free LDAP implementation which is shipped as part of Debian GNU/Linux 2.2. The problem is that slapd did not handle packets which had BER fields of invalid length and would crash if it received them. An attacker could use this to mount a remote denial of service attack.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 14905
- published: 2004-09-29
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/14905
- title: Debian DSA-068-1 : openldap - remote DoS
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-068. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(14905);
  script_version("1.17");
  script_cvs_date("Date: 2019/08/02 13:32:16");

  script_cve_id("CVE-2001-0977");
  script_bugtraq_id(3049);
  script_xref(name:"DSA", value:"068");

  script_name(english:"Debian DSA-068-1 : openldap - remote DoS");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The CERT advisory lists a number of vulnerabilities in various LDAP implementations, based on the results of the PROTOS LDAPv3 test suite. These tests found one problem in OpenLDAP, a free LDAP implementation which is shipped as part of Debian GNU/Linux 2.2. The problem is that slapd did not handle packets which had BER fields of invalid length and would crash if it received them.
An attacker could use this to mount a remote denial of service attack."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2001/dsa-068"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"This problem has been fixed in version 1.2.12-1, and we recommend that you upgrade your slapd package immediately."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openldap");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2001/08/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"2.2", prefix:"ldap-rfc", reference:"1.2.12-1")) flag++;
if (deb_check(release:"2.2", prefix:"libopenldap-dev", reference:"1.2.12-1")) flag++;
if (deb_check(release:"2.2", prefix:"libopenldap-runtime", reference:"1.2.12-1")) flag++;
if (deb_check(release:"2.2", prefix:"libopenldap1", reference:"1.2.12-1")) flag++;
if (deb_check(release:"2.2", prefix:"openldap-gateways", reference:"1.2.12-1")) flag++;
if (deb_check(release:"2.2", prefix:"openldap-utils", reference:"1.2.12-1")) flag++;
if (deb_check(release:"2.2", prefix:"openldapd", reference:"1.2.12-1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

- NASL family: Mandriva Local Security Checks
- NASL id: MANDRAKE_MDKSA-2001-069.NASL
- description: CERT released an advisory that details a number of vulnerabilities as found in a variety of different LDAP implementations. The results of these tests showed one vulnerability in OpenLDAP with slapd not handling packets with certain invalid fields. A malicious attacker could craft such invalid packets, resulting in a denial of service attack on the affected server.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 13884
- published: 2004-07-31
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/13884
- title: Mandrake Linux Security Advisory : openldap (MDKSA-2001:069)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2001:069.
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(13884);
  script_version ("1.17");
  script_cvs_date("Date: 2019/08/02 13:32:46");

  script_cve_id("CVE-2001-0977");
  script_xref(name:"CERT-CC", value:"CA-2001-18");
  script_xref(name:"MDKSA", value:"2001:069");

  script_name(english:"Mandrake Linux Security Advisory : openldap (MDKSA-2001:069)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Mandrake Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"CERT released an advisory that details a number of vulnerabilities as found in a variety of different LDAP implementations. The results of these tests showed one vulnerability in OpenLDAP with slapd not handling packets with certain invalid fields. A malicious attacker could craft such invalid packets, resulting in a denial of service attack on the affected server."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libldap1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libldap1-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libldap2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libldap2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libldap2-devel-static");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap-back_dnssrv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap-back_ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap-back_passwd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap-back_sql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap-clients");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap-guide");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap-migration");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap-servers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2001/08/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

flag = 0;
if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"openldap-1.2.12-1.3mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"openldap-devel-1.2.12-1.3mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"openldap-1.2.12-1.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"openldap-devel-1.2.12-1.2mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"libldap1-1.2.12-1.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"libldap1-devel-1.2.12-1.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"libldap2-2.0.11-6.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"libldap2-devel-2.0.11-6.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"libldap2-devel-static-2.0.11-6.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"openldap-2.0.11-6.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"openldap-back_dnssrv-2.0.11-6.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"openldap-back_ldap-2.0.11-6.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"openldap-back_passwd-2.0.11-6.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"openldap-back_sql-2.0.11-6.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"openldap-clients-2.0.11-6.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"openldap-guide-2.0.11-6.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"openldap-migration-2.0.11-6.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"openldap-servers-2.0.11-6.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"openldap1-1.2.12-1.1mdk", yank:"mdk")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000417
- http://www.cert.org/advisories/CA-2001-18.html
- http://www.debian.org/security/2001/dsa-068
- http://www.kb.cert.org/vuls/id/935800
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-069.php3
- http://www.osvdb.org/1905
- http://www.redhat.com/support/errata/RHSA-2001-098.html
- http://www.securityfocus.com/bid/3049
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6904