5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.947 High
EPSS
Percentile
99.2%
Package : openldap
Version : 2.4.23-7.3+deb6u2
CVE ID : CVE-2015-6908
Debian Bug : 798622
Denis Andzakovic discovered that OpenLDAP, a free implementation of the
Lightweight Directory Access Protocol, does not properly handle BER
data. An unauthenticated remote attacker can use this flaw to cause a
denial of service (slapd daemon crash) via a specially crafted packet.
The Squeeze-LTS package has been prepared by Ryan Tandy.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 8 | s390x | slapd | < 2.4.40+dfsg-1+deb8u1 | slapd_2.4.40+dfsg-1+deb8u1_s390x.deb |
Debian | 7 | armhf | slapd | < 2.4.31-2+deb7u1 | slapd_2.4.31-2+deb7u1_armhf.deb |
Debian | 7 | kfreebsd-i386 | slapd-smbk5pwd | < 2.4.31-2+deb7u1 | slapd-smbk5pwd_2.4.31-2+deb7u1_kfreebsd-i386.deb |
Debian | 8 | ppc64el | ldap-utils | < 2.4.40+dfsg-1+deb8u1 | ldap-utils_2.4.40+dfsg-1+deb8u1_ppc64el.deb |
Debian | 7 | s390 | slapd-smbk5pwd | < 2.4.31-2+deb7u1 | slapd-smbk5pwd_2.4.31-2+deb7u1_s390.deb |
Debian | 7 | ia64 | slapd-dbg | < 2.4.31-2+deb7u1 | slapd-dbg_2.4.31-2+deb7u1_ia64.deb |
Debian | 7 | mips | libldap-2.4-2-dbg | < 2.4.31-2+deb7u1 | libldap-2.4-2-dbg_2.4.31-2+deb7u1_mips.deb |
Debian | 7 | armhf | libldap-2.4-2 | < 2.4.31-2+deb7u1 | libldap-2.4-2_2.4.31-2+deb7u1_armhf.deb |
Debian | 8 | powerpc | libldap-2.4-2-dbg | < 2.4.40+dfsg-1+deb8u1 | libldap-2.4-2-dbg_2.4.40+dfsg-1+deb8u1_powerpc.deb |
Debian | 7 | kfreebsd-amd64 | libldap-2.4-2 | < 2.4.31-2+deb7u1 | libldap-2.4-2_2.4.31-2+deb7u1_kfreebsd-amd64.deb |