[email protected]CVE-2006-5779

HistoryNov 07, 2006 - 6:07 p.m.

CVE-2006-5779

2006-11-0718:07:00

CWE-617

[email protected]

web.nvd.nist.gov

openldap

cve-2006-5779

remote attack

denial of service

authentication error

security vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.4 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.884 High

EPSS

Percentile

98.7%

JSON

OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.

CPENameOperatorVersion
openldap:openldapopenldaplt2.3.29
canonical:ubuntu_linuxcanonical ubuntu linuxeq6.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq5.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq6.06

CPE	Name	Operator	Version
openldap:openldap	openldap	lt	2.3.29
canonical:ubuntu_linux	canonical ubuntu linux	eq	6.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	5.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	6.06

References

gleg.net/downloads/VULNDISCO_META_FREE.tar.gz

gleg.net/vulndisco_meta.shtml

secunia.com/advisories/22750

secunia.com/advisories/22953

secunia.com/advisories/22996

secunia.com/advisories/23125

secunia.com/advisories/23133

secunia.com/advisories/23152

secunia.com/advisories/23170

security.gentoo.org/glsa/glsa-200611-25.xml

securityreason.com/securityalert/1831

securitytracker.com/id?1017166

www.mandriva.com/security/advisories?name=MDKSA-2006:208

www.novell.com/linux/security/advisories/2006_72_openldap2.html

www.openldap.org/its/index.cgi/Software%20Bugs?id=4740

www.openpkg.org/security/advisories/OpenPKG-SA-2006.033-openldap.html

www.securityfocus.com/archive/1/450728/100/0/threaded

www.securityfocus.com/bid/20939

www.trustix.org/errata/2006/0066/

www.ubuntu.com/usn/usn-384-1

www.vupen.com/english/advisories/2006/4379

exchange.xforce.ibmcloud.com/vulnerabilities/30076

issues.rpath.com/browse/RPL-820

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.4 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.884 High

EPSS

Percentile

98.7%

JSON

Related for CVE-2006-5779

nessus8 openvas5 checkpoint_advisories1 securityvulns1 ubuntu1 suse1 redhatcve1 ubuntucve1 gentoo1