Some vulnerabilities have been reported in OpenLDAP, which can be exploited by malicious users to cause a DoS (Denial of Service).

1) A vulnerability is caused due to the "add_filter_attrs()" function in servers/slapd/overlay/pcache.c not correctly NULL terminating "new_attrs", which can be exploited to crash slapd due to an out of bounds memory access.

Successful exploitation may require that slapd runs as proxy-caching server.

2) An error within the normalisation of "objectClasses" can be exploited to crash a vulnerable server by sending a malformed "objectClasses" attribute.

The vulnerabilities are reported in versions prior to 2.3.39.

3) An error when performing modify operations with a NOOP control on entries stored in the BDB backend can be exploited to crash the slapd daemon.

The vulnerability is reported in versions prior to 2.3.36.

Note: Several other bugs, which may have a security impact, were also reported.

Solution
Update to version 2.3.39.
Further details available to Secunia VIM customers

Provided and/or discovered by
1) Tony Blake
2) Thomas Sesselmann
3) Jonathan Clarke

Changelog
Further details available to Secunia VIM customers

Original Advisory
http://www.openldap.org/software/release/changes.html

1) http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5163
2) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440632
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5119
3) http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4925

Deep Links
Links available to Secunia VIM customers