<?xml version="1.0" encoding="utf-8"?>
<glsa id="200606-17">
<title>OpenLDAP: Buffer overflow</title>
The OpenLDAP replication server slurpd contains a buffer overflow that
could result in arbitrary code execution.
<product type="ebuild">net-nds/openldap</product>
<announced>June 15, 2006</announced>
<revised>June 15, 2006: 01</revised>
<package name="net-nds/openldap" auto="yes" arch="*">
<unaffected range="ge">2.3.22</unaffected>
<vulnerable range="lt">2.3.22</vulnerable>
OpenLDAP is a suite of LDAP-related applications and development tools.
It includes slapd (the standalone LDAP server), slurpd (the standalone
LDAP replication server), various LDAP libraries, utilities and example
slurpd contains a buffer overflow when reading very long hostnames from
the status file.
<impact type="normal">
By injecting an overly long hostname in the status file, an attacker
could possibly cause the execution of arbitrary code with the
permissions of the user running slurpd.
There is no known workaround at this time.
All OpenLDAP users should upgrade to the latest version:
<code>
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=net-nds/openldap-2.3.22&quot;</code>
<uri link="">CVE-2006-2754</uri>
<metadata tag="requester" timestamp="Thu, 08 Jun 2006 10:43:24 +0000">
<metadata tag="bugReady" timestamp="Sun, 11 Jun 2006 20:44:06 +0000">
<metadata tag="submitter" timestamp="Mon, 12 Jun 2006 07:06:11 +0000">