Privacy and Legal Notice

CIAC INFORMATION BULLETIN

S-199: OpenLDAP Vulnerability

[Red Hat RHSA-2008:0110-3]

February 25, 2008 21:00 GMT
[REVISED 28 Mar 2008]
[REVISED 14 Apr 2008]
PROBLEM: There is a flaw in the way the OpenLDAP slapd daemon handled modified and modrdn request with NOOP control on objects stored in a Berkeley DB (BDB) storage backend.
PLATFORM: RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (. 5 server)
Red Hat Enterprise Linux AS, ES, WS (v. 4)
Red Hat Enterprise Linux Desktop (v. 5 client))
Debian GNU/Linux 4.0 (etch) and (stable)
DAMAGE: DoS.
SOLUTION: Upgrade to the appropriate version.
VULNERABILITY
ASSESSMENT:		 The risk is LOW. An authenticated attacker with permission to perform modify or modrdn operations on such LDAP ojects could cause slapd to crash.
LINKS:  
  CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/s-199.shtml
  ORIGINAL BULLETIN: https://rhn.redhat.com/errata/RHSA-2008-0110.html
  ADDITIONAL LINKS: http://www.debian.org/security/2008/dsa-1530
http://www.debian.org/security/2008/dsa-1541
  CVE: CVE-2007-6698 CVE-2008-0658 
REVISION HISTORY:
03/28/2008 - revised S-199 to add a link to Debian Security Advisory DSA-1530-1 for Debian
             GNU/Linux 4.0 (etch).
04/14/2008 - revised S-199 to add a link to Debian Security Advisory DSA-1541-1 
             for Debian GNU/Linux 4.0 (stable).



[***** Start Red Hat  RHSA-2008:0110-3 *****]

Important: cups security update

Advisory: RHSA-2008:0157-5
Type: Security Advisory
Severity: Important
Issued on: 2008-02-21
Last updated on: 2008-02-21
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
OVAL: com.redhat.rhsa-20080157.xml
CVEs (cve.mitre.org): CVE-2008-0882

Details

Updated cups packages that fix a security issue are now available for Red
Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems. The Internet Printing Protocol (IPP) is a
standard network protocol for remote printing, as well as managing print
jobs.

A flaw was found in the way CUPS handles the addition and removal of remote
shared printers via IPP. A remote attacker could send malicious UDP IPP
packets causing the CUPS daemon to crash. (CVE-2008-0882)

Note: the default configuration of CUPS on Red Hat Enterprise Linux 5 will
only accept requests of this type from the local subnet. This issue did not
affect the versions of CUPS as shipped with Red Hat Enterprise Linux 3 or
4.

All cups users are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)
IA-32:
cups-devel-1.2.4-11.14.el5_1.4.i386.rpm     61ed2f1148456b015f1e9af75126b867
 
x86_64:
cups-devel-1.2.4-11.14.el5_1.4.i386.rpm     61ed2f1148456b015f1e9af75126b867
cups-devel-1.2.4-11.14.el5_1.4.x86_64.rpm     9ac3e7460492e6bf57a542feb66c5123
 
Red Hat Enterprise Linux (v. 5 server)
SRPMS:
cups-1.2.4-11.14.el5_1.4.src.rpm     906d5a6a95b03a62a8af39c825b5aed5
 
IA-32:
cups-1.2.4-11.14.el5_1.4.i386.rpm     cb158daeec9eeca33ed24a722175ceff
cups-devel-1.2.4-11.14.el5_1.4.i386.rpm     61ed2f1148456b015f1e9af75126b867
cups-libs-1.2.4-11.14.el5_1.4.i386.rpm     2fc9515399f6abbee294f475c022a090
cups-lpd-1.2.4-11.14.el5_1.4.i386.rpm     e1d57506c2e474f5d6b41829f212ad84
 
IA-64:
cups-1.2.4-11.14.el5_1.4.ia64.rpm     4a7edca6c4ae2c590e21789aa4169bb6
cups-devel-1.2.4-11.14.el5_1.4.ia64.rpm     f1b77ef88fc8c6458d256735e63bdda7
cups-libs-1.2.4-11.14.el5_1.4.i386.rpm     2fc9515399f6abbee294f475c022a090
cups-libs-1.2.4-11.14.el5_1.4.ia64.rpm     669c5e2c28ab235e0164a3c1098d67e6
cups-lpd-1.2.4-11.14.el5_1.4.ia64.rpm     b3ab3107bf53fba9cbc68393a6e8b71f
 
PPC:
cups-1.2.4-11.14.el5_1.4.ppc.rpm     a64c0cd55dc4a0167fe1db40b4a2b525
cups-devel-1.2.4-11.14.el5_1.4.ppc.rpm     00f402da5be086f24f82991ef1101335
cups-devel-1.2.4-11.14.el5_1.4.ppc64.rpm     7a1f605f658a12b696be196ebea8f78d
cups-libs-1.2.4-11.14.el5_1.4.ppc.rpm     53fc94eaf8b0e41591100982f81b1b47
cups-libs-1.2.4-11.14.el5_1.4.ppc64.rpm     4d7e7b0e81d9e50e28a460c3cb8db8f2
cups-lpd-1.2.4-11.14.el5_1.4.ppc.rpm     5820b1269630c7388c65a145210f7b20
 
s390x:
cups-1.2.4-11.14.el5_1.4.s390x.rpm     56949b02960052134341ea4966e8876c
cups-devel-1.2.4-11.14.el5_1.4.s390.rpm     ed4a43d66863754dc0b0fc1faa926cd7
cups-devel-1.2.4-11.14.el5_1.4.s390x.rpm     688b9e0f47d8457b0ea66c23471464c5
cups-libs-1.2.4-11.14.el5_1.4.s390.rpm     be7387fbb378bc78cbfb084a198ad344
cups-libs-1.2.4-11.14.el5_1.4.s390x.rpm     cdd5e3a36bf0f1381aea4142db7e0c2e
cups-lpd-1.2.4-11.14.el5_1.4.s390x.rpm     fce53915f86473bf506bd35fef42b093
 
x86_64:
cups-1.2.4-11.14.el5_1.4.x86_64.rpm     c4b23829ad62d4de40ebcbba5cebe389
cups-devel-1.2.4-11.14.el5_1.4.i386.rpm     61ed2f1148456b015f1e9af75126b867
cups-devel-1.2.4-11.14.el5_1.4.x86_64.rpm     9ac3e7460492e6bf57a542feb66c5123
cups-libs-1.2.4-11.14.el5_1.4.i386.rpm     2fc9515399f6abbee294f475c022a090
cups-libs-1.2.4-11.14.el5_1.4.x86_64.rpm     04280894c25a526b737e03e34a338c13
cups-lpd-1.2.4-11.14.el5_1.4.x86_64.rpm     a8bb32c0d59ef5e78ed851e90992b0f5
 
Red Hat Enterprise Linux Desktop (v. 5 client)
SRPMS:
cups-1.2.4-11.14.el5_1.4.src.rpm     906d5a6a95b03a62a8af39c825b5aed5
 
IA-32:
cups-1.2.4-11.14.el5_1.4.i386.rpm     cb158daeec9eeca33ed24a722175ceff
cups-libs-1.2.4-11.14.el5_1.4.i386.rpm     2fc9515399f6abbee294f475c022a090
cups-lpd-1.2.4-11.14.el5_1.4.i386.rpm     e1d57506c2e474f5d6b41829f212ad84
 
x86_64:
cups-1.2.4-11.14.el5_1.4.x86_64.rpm     c4b23829ad62d4de40ebcbba5cebe389
cups-libs-1.2.4-11.14.el5_1.4.i386.rpm     2fc9515399f6abbee294f475c022a090
cups-libs-1.2.4-11.14.el5_1.4.x86_64.rpm     04280894c25a526b737e03e34a338c13
cups-lpd-1.2.4-11.14.el5_1.4.x86_64.rpm     a8bb32c0d59ef5e78ed851e90992b0f5
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

433758 - CVE-2008-0882 cups: double free vulnerability in process_browse_data()


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0882
http://www.redhat.com/security/updates/classification/#important

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/


[***** End Red Hat  RHSA-2008:0110-3 *****]
CIAC wishes to acknowledge the contributions of Red Hat for the information contained in this bulletin.
CIAC services are available to DOE, DOE Contractors, and the NIH. CIAC can be contacted at: 
    Voice:          +1 925-422-8193 (7 x 24)
    FAX:            +1 925-423-8002
    STU-III:        +1 925-423-2604
    E-mail:          ciac@ciac.org
    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org
This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes.
UCRL-MI-119788
[Privacy and Legal Notice]