Mandriva Linux Security Advisory : openldap (MDVSA-2008:058)
High Nessus Plugin ID 37371
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA vulnerability was found in slapo-pcache in slapd of OpenLDAP prior to 2.3.39 when running as a proxy-caching server. It would allocate memory using a malloc variant rather than calloc, which prevented an array from being properly initialized and could possibly allow attackers to cause a denial of service (CVE-2007-5708).
Two vulnerabilities were found in how slapd handled modify (prior to 2.3.26) and modrdn (prior to 2.3.29) requests with NOOP control on objects stored in the BDB backend. An authenticated user with permission to perform modify (CVE-2007-6698) or modrdn (CVE-2008-0658) operations could cause slapd to crash.
The updated packages have been patched to correct these issues.
SolutionUpdate the affected packages.