5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.075 Low
EPSS
Percentile
94.1%
Apple has reported a vulnerability in their version of OpenLDAP that is included in Apple Mac OS X and Mac OS X Server versions 10.4 to 10.4.6. If successfully exploited, this vulnerability would allow an attacker to create a denial-of-service condition.
OpenLDAP is a popular open-source implementation of the Lightweight Directory Access Protocol (LDAP). The software allows LDAP-aware programs on a network to get information from a server. Apple uses OpenLDAP as a part of their Open Directory product.
Apple reports that there is an assertion error in their implementation of OpenLDAP. An attacker may be able to exploit this vulnerability by sending a specially crafted invalid LDAP request to the server which triggers the assertion. The result of a successful attack would be a denial-of-service condition.
Only network access to the server is required to exploit this vulnerability.
A remote unauthenticated attacker may be able to create a denial-of-service condition.
Upgrade
Apply the upgrade provided by Apple. Refer to the Apple security updates in Mac OS X version 10.4.7 for more information.
Restrict Access
Restrict access to servers running affected versions of the software to trusted hosts or networks. Apple lists the LDAP ports used by their products as 389/tcp
and 389/udp
.
652196
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: June 28, 2006
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Apple has released OS X version 10.4.7 to address this issue. See the Apple Mac OS X 10.4.7 update for details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23652196 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to Apple Product Security for reporting this vulnerability. Apple, in turn, credits the Mu Security research team with reporting this issue to them.
This document was written by Ryan Giobbi.
CVE IDs: | CVE-2006-1470 |
---|---|
Severity Metric: | 0.22 Date Public: |