[3.5] openldap: Multiple vulnerabilities (CVE-2017-14159, CVE-2017-17740)
CVE-2017-14159: slapd in OpenLDAP 2.4.45 and earlier creates a PID
file after dropping privileges to a non-root account,
which might allow local users to kill arbitrary processes by leveraging
access to this non-root account for PID file modification
before a root script executes a “kill `cat /pathname`” command, as
demonstrated by openldap-initscript.
References:
http://www.openldap.org/its/index.cgi?findid=8703
https://nvd.nist.gov/vuln/detail/CVE-2017-14159
CVE-2017-17740: contrib/slapd-modules/nops/nops.c in OpenLDAP
through 2.4.45, when both the nops module and the
memberof overlay are enabled, attempts to free a buffer that was
allocated on the stack, which allows remote attackers
to cause a denial of service (slapd crash) via a member MODDN operation.
References:
http://www.openldap.org/its/index.cgi/Incoming?id=8759
https://nvd.nist.gov/vuln/detail/CVE-2017-17740
(from redmine: issue id 8788, created on 2018-04-10, closed on 2019-05-04)
- Relations:
- copied_to #8784
- parent #8784
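For CVE-2017-14159, the sketch below shows how a root-run stop routine can validate a PID file that the unprivileged daemon account is able to rewrite, instead of passing its content straight to `kill`. It is an added example, not code from OpenLDAP, openldap-initscript or this tracker; the names `checked_pid`, `stop_daemon` and `PROC_ROOT` are hypothetical, and a Linux-style `/proc/<pid>/exe` link is assumed.

```shell
#!/bin/sh
# Added illustration; checked_pid, stop_daemon and PROC_ROOT are hypothetical names.
# Pattern described in the advisory (trusts the file content blindly):
#     kill `cat /pathname`
PROC_ROOT="${PROC_ROOT:-/proc}"   # overridable so the check can be exercised offline

# Print the PID stored in pidfile $1 only if that process runs binary $2.
# Return codes: 1 bad file, 2 bad content, 3 no such process, 4 wrong binary.
checked_pid() {
    pidfile=$1
    expected_exe=$2
    # The daemon account can write this file, so treat it as untrusted input.
    # Refuse symlinks and anything that is not a regular file.
    if [ ! -f "$pidfile" ] || [ -L "$pidfile" ]; then return 1; fi
    pid=
    IFS= read -r pid < "$pidfile" || [ -n "$pid" ] || return 1
    case $pid in
        ''|*[!0-9]*) return 2 ;;      # digits only: rejects "-1", "12 34", etc.
    esac
    [ "$pid" -gt 1 ] || return 2      # never signal PID 0 (own group) or 1 (init)
    # Bind the number to the expected executable before any signal is sent.
    # A replaced binary reads back as "<path> (deleted)" and is refused too.
    actual=$(readlink "$PROC_ROOT/$pid/exe") || return 3
    [ "$actual" = "$expected_exe" ] || return 4
    printf '%s\n' "$pid"
}

# Stop the daemon only when the PID file passes validation.
# A small window for PID reuse remains between the check and the signal.
stop_daemon() {
    target=$(checked_pid "$1" "$2") || {
        echo "refusing to signal: $1 failed validation" >&2
        return 1
    }
    kill -TERM "$target"
}
```

A call such as `stop_daemon /path/to/slapd.pid /usr/sbin/slapd` (both paths are placeholders) signals the process only when the recorded PID really belongs to that binary.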