SB2017060120 - Double free error in openldap (Alpine package)
Published: June 1, 2017
Description
This security bulletin contains information about 1 security vulnerability.
1) Double free error (CVE-ID: CVE-2017-9287)
The vulnerability allows a remote authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error in servers/slapd/back-mdb/search.c when processing search requests that include the Paged Results control with a page size of 0. A remote authenticated attacker can issue a directory search and crash the slapd daemon.
Successful exploitation of the vulnerability may allow a remote authenticated attacker to perform a denial of service (DoS) attack.
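A detection-side check for the condition described above, as an added example that is not part of the original bulletin or of OpenLDAP's code: it decodes the Paged Results control value as defined in RFC 2696 (SEQUENCE { size INTEGER, cookie OCTET STRING }) and flags a page size of 0. The function names and the sample bytes are assumptions constructed for illustration.

```python
# Added example: decode an RFC 2696 pagedResultsControl value and flag size 0.
PAGED_RESULTS_OID = "1.2.840.113556.1.4.319"  # control type from RFC 2696


def _read_tlv(buf, pos, want_tag):
    """Read one BER TLV at pos; return (value_bytes, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != want_tag:
        raise ValueError("unexpected tag at offset %d" % pos)
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return buf[pos:pos + length], pos + length


def parse_paged_results(value):
    """Return (size, cookie) from SEQUENCE { size INTEGER, cookie OCTET STRING }."""
    seq, end = _read_tlv(value, 0, 0x30)
    if end != len(value):
        raise ValueError("trailing bytes after control value")
    size_raw, pos = _read_tlv(seq, 0, 0x02)
    cookie, pos = _read_tlv(seq, pos, 0x04)
    if not size_raw or pos != len(seq):
        raise ValueError("malformed pagedResultsControl")
    return int.from_bytes(size_raw, "big", signed=True), cookie


def needs_review(oid, value):
    """True when the control is Paged Results with page size 0 (the CVE-2017-9287 condition)."""
    if oid != PAGED_RESULTS_OID:
        return False
    size, _cookie = parse_paged_results(value)
    return size == 0


# Constructed sample control values (not captured traffic).
SAMPLES = {
    "size_100": bytes.fromhex("30050201640400"),
    "size_0": bytes.fromhex("30050201000400"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, parse_paged_results(raw), needs_review(PAGED_RESULTS_OID, raw))
```

RFC 2696 also uses a size of 0 together with the last returned cookie to abandon a paged search, so a hit is a prompt to check the client and the slapd package version rather than proof of abuse.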
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=6d713e147c28d6b5caaca2de439fffa38b84dd64
- https://git.alpinelinux.org/aports/commit/?id=f433608cc24c7e7a214a41e87b5c323e562f779d
- https://git.alpinelinux.org/aports/commit/?id=db9c4ef0969ffc3d9a13af60562424eaa05579ae
- https://git.alpinelinux.org/aports/commit/?id=fad85a325388ffbdb0f30f6396fdb8188f0725ac
- https://git.alpinelinux.org/aports/commit/?id=2ae144627c66b46f4071ae488562d9bba8724b0e
- https://git.alpinelinux.org/aports/commit/?id=1577fdac86398b4de62cbf6973cef8ddddef0f71
- https://git.alpinelinux.org/aports/commit/?id=e541f145131460a0c1d69801eddda288714aeb92
- https://git.alpinelinux.org/aports/commit/?id=4b66a9765b5554d7a5c951a27b829c0e3cf18ba0
- https://git.alpinelinux.org/aports/commit/?id=98cfa8f1e22a941d95c96dc21c025a4a49ffd7a0
- https://git.alpinelinux.org/aports/commit/?id=ab7ef519db00f89a4171c728fb955ef3e6579952
- https://git.alpinelinux.org/aports/commit/?id=ce5f47063612ef0e5420119ffa7931ff7ca86740