CVE-2007-5707: Double Free
First published: Tue Oct 30 2007(Updated: )
OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service (slapd crash) via an LDAP request with a malformed objectClasses attribute. NOTE: this has been reported as a double free, but the reports are inconsistent.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenLDAP | =2.0.2 | |
| OpenLDAP | =2.0.11_11 | |
| OpenLDAP | =2.1.15 | |
| OpenLDAP | =2.1.10 | |
| OpenLDAP | =2.3.28_2.20061022 | |
| OpenLDAP | =2.2.4 | |
| OpenLDAP | =2.2.22 | |
| OpenLDAP | =2.1.29 | |
| OpenLDAP | =2.2.18 | |
| OpenLDAP | =2.1.9 | |
| OpenLDAP | =1.2.6 | |
| OpenLDAP | =1.1.2 | |
| OpenLDAP | =2.0.22 | |
| OpenLDAP | =2.0.9 | |
| OpenLDAP | =2.2.0 | |
| OpenLDAP | =2.1.19 | |
| OpenLDAP | =1.0 | |
| OpenLDAP | =2.2.29_rev_1.134 | |
| OpenLDAP | =1.2.7 | |
| OpenLDAP | =2.2.12 | |
| OpenLDAP | =2.2.20 | |
| OpenLDAP | =2.0.15 | |
| OpenLDAP | =2.2.13 | |
| OpenLDAP | =2.1.30 | |
| OpenLDAP | =2.0.26 | |
| OpenLDAP | =2.1.5 | |
| OpenLDAP | =2.1.14 | |
| OpenLDAP | =2.1.21 | |
| OpenLDAP | =1.0.2 | |
| OpenLDAP | =2.1.24 | |
| OpenLDAP | =2.1.20 | |
| OpenLDAP | =2.0.14 | |
| OpenLDAP | =2.0.7 | |
| OpenLDAP | =1.2.11 | |
| OpenLDAP | =1.1.0 | |
| OpenLDAP | =2.0.13 | |
| OpenLDAP | =2.0.27 | |
| OpenLDAP | =2.0.11_9 | |
| OpenLDAP | =2.2.9 | |
| OpenLDAP | =2.1.26 | |
| OpenLDAP | =2.2.27 | |
| OpenLDAP | =2.3.27_2.20061018 | |
| OpenLDAP | =2.1.17 | |
| OpenLDAP | =2.1.2 | |
| OpenLDAP | =2.2.14 | |
| OpenLDAP | =2.1.6 | |
| OpenLDAP | =2.0.3 | |
| OpenLDAP | =2.2.10 | |
| OpenLDAP | =2.2.7 | |
| OpenLDAP | =1.2.12 | |
| OpenLDAP | =2.0.25 | |
| OpenLDAP | =2.1.12 | |
| OpenLDAP | =2.0.12 | |
| OpenLDAP | =2.1_.20 | |
| OpenLDAP | =2.2.24 | |
| OpenLDAP | =1.2.1 | |
| OpenLDAP | =1.1.4 | |
| OpenLDAP | =1.1 | |
| OpenLDAP | =1.2.10 | |
| OpenLDAP | =2.0.24 | |
| OpenLDAP | =1.1.1 | |
| OpenLDAP | =2.0.20 | |
| OpenLDAP | =1.2.2 | |
| OpenLDAP | =2.3.28_e1.0.0 | |
| OpenLDAP | =1.0.1 | |
| OpenLDAP | =1.2.4 | |
| OpenLDAP | =2.0.4 | |
| OpenLDAP | =2.0.16 | |
| OpenLDAP | =2.2.5 | |
| OpenLDAP | =2.2.6 | |
| OpenLDAP | =2.1.25 | |
| OpenLDAP | =1.2.8 | |
| OpenLDAP | =2.1.27 | |
| OpenLDAP | =2.0.11_11s | |
| OpenLDAP | =1.2.9 | |
| OpenLDAP | =2.0.19 | |
| OpenLDAP | =2.2.21 | |
| OpenLDAP | =2.1.8 | |
| OpenLDAP | =2.2.28_r2 | |
| OpenLDAP | =2.2.1 | |
| OpenLDAP | =1.2.13 | |
| OpenLDAP | =2.0.10 | |
| OpenLDAP | =2.1.7 | |
| OpenLDAP | =2.0.1 | |
| OpenLDAP | =2.2.15 | |
| OpenLDAP | =2.0 | |
| OpenLDAP | =2.0.23 | |
| OpenLDAP | =1.2.5 | |
| OpenLDAP | =2.2.11 | |
| OpenLDAP | =1.0.3 | |
| OpenLDAP | =2.2.17 | |
| OpenLDAP | =2.1.3 | |
| OpenLDAP | =2.3.28_20061022 | |
| OpenLDAP | =2.2.23 | |
| OpenLDAP | =2.1.11 | |
| OpenLDAP | =2.0.8 | |
| OpenLDAP | =2.1.13 | |
| OpenLDAP | =2.2.25 | |
| OpenLDAP | =2.1.23 | |
| OpenLDAP | =2.0.18 | |
| OpenLDAP | =1.2 | |
| OpenLDAP | =2.1.16 | |
| OpenLDAP | =2.1.28 | |
| OpenLDAP | =2.1.22 | |
| OpenLDAP | =2.0.5 | |
| OpenLDAP | =2.2.8 | |
| OpenLDAP | =1.1.3 | |
| OpenLDAP | =2.0.11 | |
| OpenLDAP | =2.2.26 | |
| OpenLDAP | =2.0.6 | |
| OpenLDAP | =2.0.17 | |
| OpenLDAP | =2.2.19 | |
| OpenLDAP | =2.1.4 | |
| OpenLDAP | =1.2.3 | |
| OpenLDAP | =2.1.18 | |
| OpenLDAP | =2.2.16 | |
| OpenLDAP | =2.0.0 | |
| OpenLDAP | =2.0.21 | |
| OpenLDAP | =1.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5119
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440632
- http://www.openldap.org/lists/openldap-announce/200710/msg00001.html
- http://secunia.com/advisories/27424
- http://www.redhat.com/archives/fedora-package-announce/2007-November/msg00460.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:215
- http://www.redhat.com/support/errata/RHSA-2007-1037.html
- http://www.redhat.com/support/errata/RHSA-2007-1038.html
- http://www.novell.com/linux/security/advisories/2007_24_sr.html
- http://www.ubuntu.com/usn/usn-551-1
- http://www.securitytracker.com/id?1018924
- http://secunia.com/advisories/27587
- http://secunia.com/advisories/27596
- http://secunia.com/advisories/27683
- http://secunia.com/advisories/27868
- http://secunia.com/advisories/27756
- http://security.gentoo.org/glsa/glsa-200803-28.xml
- http://secunia.com/advisories/29461
- http://www.debian.org/security/2008/dsa-1541
- http://secunia.com/advisories/29682
- http://www.securityfocus.com/bid/26245
- http://support.apple.com/kb/HT3937
- http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
- http://www.vupen.com/english/advisories/2009/3184
- http://www.vupen.com/english/advisories/2007/3645
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10183
Frequently Asked Questions
What is the severity of CVE-2007-5707?
CVE-2007-5707 has a severity rating associated with a denial of service vulnerability, allowing remote attackers to crash the LDAP server.
How do I fix CVE-2007-5707?
To fix CVE-2007-5707, upgrade OpenLDAP to version 2.3.39 or later, which addresses the vulnerability.
What versions are affected by CVE-2007-5707?
CVE-2007-5707 affects all OpenLDAP versions prior to 2.3.39, including versions 1.0 to 2.3.28.
What type of vulnerability is CVE-2007-5707?
CVE-2007-5707 is classified as a denial of service vulnerability due to a malformed LDAP request.
Can CVE-2007-5707 be exploited remotely?
Yes, CVE-2007-5707 can be exploited remotely, allowing attackers to crash the OpenLDAP server.
- agent/references
- agent/author
- agent/type
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-api
- collector/nvd-index
- vendor/openldap
- canonical/openldap
- version/openldap/2.0.2
- version/openldap/2.0.11_11
- version/openldap/2.1.15
- version/openldap/2.1.10
- version/openldap/2.3.28_2.20061022
- version/openldap/2.2.4
- version/openldap/2.2.22
- version/openldap/2.1.29
- version/openldap/2.2.18
- version/openldap/2.1.9
- version/openldap/1.2.6
- version/openldap/1.1.2
- version/openldap/2.0.22
- version/openldap/2.0.9
- version/openldap/2.2.0
- version/openldap/2.1.19
- version/openldap/1.0
- version/openldap/2.2.29_rev_1.134
- version/openldap/1.2.7
- version/openldap/2.2.12
- version/openldap/2.2.20
- version/openldap/2.0.15
- version/openldap/2.2.13
- version/openldap/2.1.30
- version/openldap/2.0.26
- version/openldap/2.1.5
- version/openldap/2.1.14
- version/openldap/2.1.21
- version/openldap/1.0.2
- version/openldap/2.1.24
- version/openldap/2.1.20
- version/openldap/2.0.14
- version/openldap/2.0.7
- version/openldap/1.2.11
- version/openldap/1.1.0
- version/openldap/2.0.13
- version/openldap/2.0.27
- version/openldap/2.0.11_9
- version/openldap/2.2.9
- version/openldap/2.1.26
- version/openldap/2.2.27
- version/openldap/2.3.27_2.20061018
- version/openldap/2.1.17
- version/openldap/2.1.2
- version/openldap/2.2.14
- version/openldap/2.1.6
- version/openldap/2.0.3
- version/openldap/2.2.10
- version/openldap/2.2.7
- version/openldap/1.2.12
- version/openldap/2.0.25
- version/openldap/2.1.12
- version/openldap/2.0.12
- version/openldap/2.1_.20
- version/openldap/2.2.24
- version/openldap/1.2.1
- version/openldap/1.1.4
- version/openldap/1.1
- version/openldap/1.2.10
- version/openldap/2.0.24
- version/openldap/1.1.1
- version/openldap/2.0.20
- version/openldap/1.2.2
- version/openldap/2.3.28_e1.0.0
- version/openldap/1.0.1
- version/openldap/1.2.4
- version/openldap/2.0.4
- version/openldap/2.0.16
- version/openldap/2.2.5
- version/openldap/2.2.6
- version/openldap/2.1.25
- version/openldap/1.2.8
- version/openldap/2.1.27
- version/openldap/2.0.11_11s
- version/openldap/1.2.9
- version/openldap/2.0.19
- version/openldap/2.2.21
- version/openldap/2.1.8
- version/openldap/2.2.28_r2
- version/openldap/2.2.1
- version/openldap/1.2.13
- version/openldap/2.0.10
- version/openldap/2.1.7
- version/openldap/2.0.1
- version/openldap/2.2.15
- version/openldap/2.0
- version/openldap/2.0.23
- version/openldap/1.2.5
- version/openldap/2.2.11
- version/openldap/1.0.3
- version/openldap/2.2.17
- version/openldap/2.1.3
- version/openldap/2.3.28_20061022
- version/openldap/2.2.23
- version/openldap/2.1.11
- version/openldap/2.0.8
- version/openldap/2.1.13
- version/openldap/2.2.25
- version/openldap/2.1.23
- version/openldap/2.0.18
- version/openldap/1.2
- version/openldap/2.1.16
- version/openldap/2.1.28
- version/openldap/2.1.22
- version/openldap/2.0.5
- version/openldap/2.2.8
- version/openldap/1.1.3
- version/openldap/2.0.11
- version/openldap/2.2.26
- version/openldap/2.0.6
- version/openldap/2.0.17
- version/openldap/2.2.19
- version/openldap/2.1.4
- version/openldap/1.2.3
- version/openldap/2.1.18
- version/openldap/2.2.16
- version/openldap/2.0.0
- version/openldap/2.0.21
- version/openldap/1.2.0