Debian Security Advisory
DSA-068-1 openldap -- remote DoS (denial of service)
- Date reported:
- 9 Aug 2001
- Affected packages:
- openldap
- Vulnerable:
- Yes
- Security database references:
- In the Bugtraq database (at SecurityFocus): BugTraq ID 3049.
In Mitre's CVE dictionary: CVE-2001-0977.
CERT's vulnerabilities, advisories and incident notes: CA-2001-18.
- More information:
-
The CERT advisory lists a number of vulnerabilities in various LDAP implementations, based on the results of the PROTOS LDAPv3 test suite. These tests found a problem in OpenLDAP, a free LDAP implementation that is shipped as part of Debian GNU/Linux 2.2.
The problem is that slapd did not handle packets with BER fields of invalid length and would crash if it received them. An attacker could use this to mount a denial of service attack.
This problem has been fixed in version 1.2.12-1, and we recommend that you upgrade your slapd package immediately.
- Fixed in:
-
Debian GNU/Linux 2.2 (potato)
- Source:
- http://security.debian.org/dists/stable/updates/main/source/openldap_1.2.12-1.dsc
- http://security.debian.org/dists/stable/updates/main/source/openldap_1.2.12-1.tar.gz
- Architecture-independent components:
- http://security.debian.org/dists/stable/updates/main/binary-all/ldap-rfc_1.2.12-1_all.deb
- http://security.debian.org/dists/stable/updates/main/binary-all/libopenldap-runtime_1.2.12-1_all.deb
- ARM:
- http://security.debian.org/dists/stable/updates/main/binary-arm/libopenldap-dev_1.2.12-1_arm.deb
- http://security.debian.org/dists/stable/updates/main/binary-arm/libopenldap1_1.2.12-1_arm.deb
- http://security.debian.org/dists/stable/updates/main/binary-arm/openldap-gateways_1.2.12-1_arm.deb
- http://security.debian.org/dists/stable/updates/main/binary-arm/openldap-utils_1.2.12-1_arm.deb
- http://security.debian.org/dists/stable/updates/main/binary-arm/openldapd_1.2.12-1_arm.deb
- Alpha:
- http://security.debian.org/dists/stable/updates/main/binary-alpha/libopenldap-dev_1.2.12-1_alpha.deb
- http://security.debian.org/dists/stable/updates/main/binary-alpha/libopenldap1_1.2.12-1_alpha.deb
- http://security.debian.org/dists/stable/updates/main/binary-alpha/openldap-gateways_1.2.12-1_alpha.deb
- http://security.debian.org/dists/stable/updates/main/binary-alpha/openldap-utils_1.2.12-1_alpha.deb
- http://security.debian.org/dists/stable/updates/main/binary-alpha/openldapd_1.2.12-1_alpha.deb
- Intel IA-32:
- http://security.debian.org/dists/stable/updates/main/binary-i386/libopenldap-dev_1.2.12-1_i386.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/libopenldap1_1.2.12-1_i386.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/openldap-gateways_1.2.12-1_i386.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/openldap-utils_1.2.12-1_i386.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/openldapd_1.2.12-1_i386.deb
- Motorola 680x0:
- http://security.debian.org/dists/stable/updates/main/binary-m68k/libopenldap-dev_1.2.12-1_m68k.deb
- http://security.debian.org/dists/stable/updates/main/binary-m68k/libopenldap1_1.2.12-1_m68k.deb
- http://security.debian.org/dists/stable/updates/main/binary-m68k/openldap-gateways_1.2.12-1_m68k.deb
- http://security.debian.org/dists/stable/updates/main/binary-m68k/openldap-utils_1.2.12-1_m68k.deb
- http://security.debian.org/dists/stable/updates/main/binary-m68k/openldapd_1.2.12-1_m68k.deb
- PowerPC:
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/libopenldap-dev_1.2.12-1_powerpc.deb
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/libopenldap1_1.2.12-1_powerpc.deb
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/openldap-gateways_1.2.12-1_powerpc.deb
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/openldap-utils_1.2.12-1_powerpc.deb
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/openldapd_1.2.12-1_powerpc.deb
- Sun Sparc:
- http://security.debian.org/dists/stable/updates/main/binary-sparc/libopenldap-dev_1.2.12-1_sparc.deb
- http://security.debian.org/dists/stable/updates/main/binary-sparc/libopenldap1_1.2.12-1_sparc.deb
- http://security.debian.org/dists/stable/updates/main/binary-sparc/openldap-gateways_1.2.12-1_sparc.deb
- http://security.debian.org/dists/stable/updates/main/binary-sparc/openldap-utils_1.2.12-1_sparc.deb
- http://security.debian.org/dists/stable/updates/main/binary-sparc/openldapd_1.2.12-1_sparc.deb
MD5 checksums of the listed files are available in the original advisory.
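
The advisory attributes the crash to BER fields with an invalid length. As an added example (not OpenLDAP's code and not the fix shipped in 1.2.12-1), this C function shows the checks a BER reader should make on a tag/length header before using the declared length; the function name, status codes and the `MAX_PDU` limit are assumptions of the example.

```c
/* Added example: validate a BER tag/length header before trusting it. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_PDU (1u << 20)   /* assumed policy limit for one LDAP message */

enum ber_status { BER_OK, BER_TRUNCATED, BER_INDEFINITE, BER_TOO_LONG,
                  BER_OVERRUN, BER_UNSUPPORTED_TAG };

/* Check the header of the TLV at buf[0..avail). On BER_OK, *hdr_len is the
 * size of tag+length and *content_len the declared size of the value, which
 * is guaranteed to lie inside the buffer. */
enum ber_status ber_check_tlv(const uint8_t *buf, size_t avail,
                              size_t *hdr_len, size_t *content_len)
{
    size_t pos = 0, len, n;

    if (avail < 2) return BER_TRUNCATED;
    if ((buf[pos++] & 0x1f) == 0x1f) return BER_UNSUPPORTED_TAG; /* multi-byte tag */

    uint8_t first = buf[pos++];
    if (first < 0x80) {
        len = first;                       /* short form: 0..127 */
    } else if (first == 0x80) {
        return BER_INDEFINITE;             /* LDAP uses definite lengths only */
    } else {
        n = first & 0x7f;                  /* long form: n length octets follow */
        if (n > 4) return BER_TOO_LONG;    /* also rejects reserved 0xff */
        if (avail - pos < n) return BER_TRUNCATED;
        for (len = 0; n > 0; n--) len = (len << 8) | buf[pos++];
    }
    if (len > MAX_PDU) return BER_TOO_LONG;
    if (len > avail - pos) return BER_OVERRUN;  /* claims more than was received */

    *hdr_len = pos;
    *content_len = len;
    return BER_OK;
}

int main(void)
{
    /* Constructed inputs: one well-formed TLV and two bad lengths. */
    const uint8_t ok[]   = {0x30, 0x03, 0x02, 0x01, 0x01};
    const uint8_t over[] = {0x30, 0x10, 0x02};
    const uint8_t huge[] = {0x30, 0x84, 0x7f, 0xff, 0xff, 0xff};
    size_t h = 0, c = 0;
    printf("%d %d %d\n", ber_check_tlv(ok, sizeof ok, &h, &c),
           ber_check_tlv(over, sizeof over, &h, &c),
           ber_check_tlv(huge, sizeof huge, &h, &c));
    return 0;
}
```

A caller reading from a socket can treat `BER_OVERRUN` as "wait for more data" and every other non-OK status as grounds to drop the connection.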