[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

RHSA-2016:0009-01 -- Redhat libldb

ID: oval:org.secpod.oval:def:501740Date: (C)2016-01-19   (M)2023-11-13
Class: PATCHFamily: unix




The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases. A denial of service flaw was found in the ldb_wildcard_compare function of libldb. A remote attacker could send a specially crafted packet that, when processed by an application using libldb , would cause that application to consume an excessive amount of memory and crash. A memory-read flaw was found in the way the libldb library processed LDB DN records with a null byte. An authenticated, remote attacker could use this flaw to read heap-memory pages from the server. Red Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Thilo Uttendorfer as the original reporter of CVE-2015-3223, and Douglas Bagnall as the original reporter of CVE-2015-5330. All libldb users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

Platform:
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
Product:
libldb
Reference:
RHSA-2016:0009-01
CVE-2015-3223
CVE-2015-5330
CVE    2
CVE-2015-3223
CVE-2015-5330
CPE    3
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:6
cpe:/a:samba:libldb

© SecPod Technologies