OpenLDAP modrdn Request NULL Pointer Dereference and Memory Corruption Vulnerabilities
Published: 2010-07-19
Updated: 2010-07-20
Affected systems:
OpenLDAP OpenLDAP 2.4.22
Unaffected systems:
OpenLDAP OpenLDAP 2.4.23
Description:
BUGTRAQ ID: 41770
CVE ID: CVE-2010-0211,CVE-2010-0212
OpenLDAP is an open-source implementation of the Lightweight Directory Access Protocol (LDAP).
The slap_modrdn2mods() function in OpenLDAP's servers/slapd/modrdn.c does not check the return value of smr_normalize(). A remote attacker can send a modrdn request containing a specially crafted rdn string to make the server free an uninitialized pointer, leading to memory corruption. In addition, the IA5StringNormalize() function in servers/slapd/schema_init.c contains a NULL pointer dereference, so the same crafted request can also crash the service.
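As an added illustration (not OpenLDAP's code), the following C model shows the contract the two bugs violate: a normaliser that fails without touching its output and rejects NULL input, and a caller that zeroes the output and checks the return code before anything could be freed. The struct, functions and result-code macros are local stand-ins named after their OpenLDAP counterparts.

```c
#include <stdlib.h>
#include <string.h>

/* Local stand-ins for the OpenLDAP types and result codes used below. */
struct berval { size_t bv_len; char *bv_val; };
#define LDAP_SUCCESS         0
#define LDAP_INVALID_SYNTAX  21
#define LDAP_OTHER           80

/* Hypothetical IA5 normaliser following the smr_normalize() contract: on
 * failure it returns a non-zero code and leaves *out untouched. Rejecting a
 * NULL input up front models the guard missing from IA5StringNormalize(). */
static int ia5_normalize(const struct berval *in, struct berval *out)
{
    if (in == NULL || in->bv_val == NULL)
        return LDAP_INVALID_SYNTAX;
    for (size_t i = 0; i < in->bv_len; i++)
        if ((unsigned char)in->bv_val[i] > 0x7f)   /* IA5 is 7-bit only */
            return LDAP_INVALID_SYNTAX;
    char *buf = malloc(in->bv_len + 1);
    if (buf == NULL)
        return LDAP_OTHER;
    /* Trim leading/trailing blanks and collapse inner runs to one space. */
    size_t n = 0;
    int pending = 0;
    for (size_t i = 0; i < in->bv_len; i++) {
        char c = in->bv_val[i];
        if (c == ' ') { pending = (n > 0); continue; }
        if (pending) buf[n++] = ' ';
        pending = 0;
        buf[n++] = c;
    }
    buf[n] = '\0';
    out->bv_len = n;
    out->bv_val = buf;
    return LDAP_SUCCESS;
}

/* Hardened caller in the role of slap_modrdn2mods(): the output is zeroed
 * before the call and the return code is checked, so a rejected RDN value
 * never leaves a garbage pointer that a later cleanup would hand to free().
 * On success the caller owns norm->bv_val and must free() it. */
int normalize_rdn_value(const struct berval *rdn, struct berval *norm)
{
    norm->bv_len = 0; norm->bv_val = NULL;
    int rc = ia5_normalize(rdn, norm);
    if (rc != LDAP_SUCCESS)
        return rc;                    /* norm->bv_val is still NULL here */
    return LDAP_SUCCESS;
}
```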
<*Source: Ilkka Mattila
Links: http://secunia.com/advisories/40639/
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6570
https://www.redhat.com/support/errata/RHSA-2010-0543.html
https://www.redhat.com/support/errata/RHSA-2010-0542.html
http://www.debian.org/security/2010/dsa-2077
*>
Recommendations:
Vendor patches:
Debian
------
Debian has released a security advisory (DSA-2077-1) and corresponding patches for this issue:
DSA-2077-1: New openldap packages fix potential code execution
Link: http://www.debian.org/security/2010/dsa-2077
Patch download:
Patch installation:
1. Install the patch package manually:
First, download the patch with the following command:
# wget url (url is the patch download link)
Then install the patch with the following command:
# dpkg -i file.deb (file is the name of the corresponding patch package)
2. Install the patch package automatically with apt-get:
First, update the local package database:
# apt-get update
Then install the updated packages:
# apt-get upgrade
OpenLDAP
--------
The vendor has released an upgrade that fixes this security issue; download it from the vendor's home page:
ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.23.tgz
RedHat
------
RedHat has released a security advisory (RHSA-2010:0542-01) and corresponding patches for this issue:
RHSA-2010:0542-01: Moderate: openldap security update
Link: https://www.redhat.com/support/errata/RHSA-2010-0542.html
