Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-3209-1:69E49
HistoryMar 30, 2015 - 9:05 p.m.

[SECURITY] [DSA 3209-1] openldap security update

2015-03-3021:05:49
lists.debian.org
9

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.961 High

EPSS

Percentile

99.5%

JSON

Debian Security Advisory DSA-3209-1 [email protected]
http://www.debian.org/security/ Yves-Alexis Perez
March 30, 2015 http://www.debian.org/security/faq

Package : openldap
CVE ID : CVE-2013-4449 CVE-2014-9713 CVE-2015-1545
Debian Bug : 729367 761406 776988

Multiple vulnerabilities were found in OpenLDAP, a free implementation
of the Lightweight Directory Access Protocol.

CVE-2013-4449

Michael Vishchers from Seven Principles AG discovered a denial of
service vulnerability in slapd, the directory server implementation.
When the server is configured to used the RWM overlay, an attacker
can make it crash by unbinding just after connecting, because of an
issue with reference counting.

CVE-2014-9713

The default Debian configuration of the directory database allows
every users to edit their own attributes. When LDAP directories are
used for access control, and this is done using user attributes, an
authenticated user can leverage this to gain access to unauthorized
resources.
.
Please note this is a Debian specific vulnerability.
.
The new package won't use the unsafe access control rule for new
databases, but existing configurations won't be automatically
modified. Administrators are incited to look at the README.Debian
file provided by the updated package if they need to fix the access
control rule.

CVE-2015-1545

 Ryan Tandy discovered a denial of service vulnerability in slapd.
 When using the deref overlay, providing an empty attribute list in
 a query makes the daemon crashes.

For the stable distribution (wheezy), these problems have been fixed in
version 2.4.31-2.

For the upcoming stable distribution (jessie), these problems have been
fixed in version 2.4.40-4.

For the unstable distribution (sid), these problems have been fixed in
version 2.4.40-4.

We recommend that you upgrade your openldap packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian7allopenldap<Β 2.4.31-2openldap_2.4.31-2_all.deb

Related

nessus 26
securityvulns 6
openvas 27
osv 2
debian 1
ubuntu 2
prion 3
cve 3
debiancve 3
ubuntucve 3
fedora 3
checkpoint_advisories 3
redhat 2
seebug 1
veracode 1
oraclelinux 2
f5 4
centos 2
mageia 2
amazon 1
kaspersky 1
apple 2
nessus
nessus
Debian DSA-3209-1 : openldap - security update
2015-03-31 00:00:00
Debian DLA-203-1 : openldap security update
2015-04-20 00:00:00
SuSE 11.3 Security Update : openldap2 (SAT Patch Number 10635)
2015-05-18 00:00:00
securityvulns
securityvulns
OpenLDAP multiple security vulnerabilities
2015-04-13 00:00:00
[SECURITY] [DSA 3209-1] openldap security update
2015-04-13 00:00:00
OpenLDAP DoS
2014-04-07 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-3209-1)
2015-03-29 00:00:00
Debian Security Advisory DSA 3209-1 (openldap - security update)
2015-03-30 00:00:00
Debian: Security Advisory (DLA-203-1)
2023-03-08 00:00:00
osv
osv
openldap - security update
2015-03-30 00:00:00
openldap - security update
2015-04-18 00:00:00
debian
debian
[SECURITY] [DLA 203-1] openldap security update
2015-04-18 15:26:48
ubuntu
ubuntu
OpenLDAP vulnerabilities
2015-05-26 00:00:00
OpenLDAP vulnerabilities
2015-09-16 00:00:00
prion
prion
Design/Logic Flaw
2015-04-01 14:59:00
Null pointer dereference
2015-02-12 16:59:00
Design/Logic Flaw
2014-02-05 18:55:00
cve
cve
CVE-2014-9713
2015-04-01 14:59:00
CVE-2015-1545
2015-02-12 16:59:00
CVE-2013-4449
2014-02-05 18:55:00
debiancve
debiancve
CVE-2014-9713
2015-04-01 14:59:00
CVE-2013-4449
2014-02-05 18:55:00
CVE-2015-1545
2015-02-12 16:59:00
ubuntucve
ubuntucve
CVE-2014-9713
2015-04-01 00:00:00
CVE-2015-1545
2015-02-12 00:00:00
CVE-2013-4449
2014-02-05 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: openldap-2.4.40-3.fc21
2015-04-13 07:04:55
[SECURITY] Fedora 19 Update: openldap-2.4.39-2.fc19
2014-03-11 04:01:35
[SECURITY] Fedora 20 Update: openldap-2.4.39-2.fc20
2014-02-11 23:13:08
checkpoint_advisories
checkpoint_advisories
OpenLDAP slapd Deref Overlay Null Pointer Dereference (CVE-2015-1545)
2015-07-12 00:00:00
OpenLDAP rwm Overlay Denial of Service (CVE-2013-4449)
2013-12-22 00:00:00
OpenLDAP rwm Overlay Denial of Service - ver 2 (CVE-2013-4449)
2014-05-18 00:00:00
redhat
redhat
(RHSA-2014:0206) Moderate: openldap security update
2014-02-24 00:00:00
(RHSA-2014:0126) Moderate: openldap security and bug fix update
2014-02-03 00:00:00
seebug
seebug
Cisco Unified Communications Managerζ‹’η»ζœεŠ‘ζΌζ΄ž
2014-04-08 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:56:00
oraclelinux
oraclelinux
openldap security update
2014-02-24 00:00:00
openldap security and bug fix update
2014-02-03 00:00:00
f5
f5
K16882 : OpenLDAP vulnerability CVE-2013-4449
2015-07-02 00:00:00
SOL16882 - OpenLDAP vulnerability CVE-2013-4449
2015-07-02 00:00:00
K16343 : OpenLDAP vulnerabilities CVE-2015-1545 and CVE-2015-1546
2015-04-02 00:00:00
centos
centos
openldap security update
2014-02-04 05:35:44
compat, openldap security update
2014-02-24 19:35:05
mageia
mageia
Updated openldap packages fix security vulnerability
2014-02-12 21:20:43
Updated openldap packages fix CVE-2015-1545
2015-04-10 01:54:46
amazon
amazon
Medium: openldap
2014-02-26 16:22:00
kaspersky
kaspersky
KLA10486 Denial of service vulnerability in OpenLDAP
2015-02-12 00:00:00
apple
apple
About the security content of macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
2019-12-10 00:00:00
About the security content of macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra - Apple Support
2020-11-12 07:38:35

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.961 High

EPSS

Percentile

99.5%

JSON
Related for DEBIAN:DSA-3209-1:69E49
nessus26securityvulns6openvas27osv2debian1ubuntu2prion3cve3debiancve3ubuntucve3fedora3checkpoint_advisories3redhat2seebug1veracode1oraclelinux2f54centos2mageia2amazon1kaspersky1apple2