226 matches found
CVE-2009-5072
Memory leak in the ldapexplodedn function in IBM Tivoli Directory Server TDS 6.0 before 6.0.0.61 aka 6.0.0.8-TIV-ITDS-IF0003 allows remote authenticated users to cause a denial of service memory consumption via an empty string argument...
DEBIAN-CVE-2011-1025
bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name DN, which allows remote attackers to bypass intended access restrictions via an arbitrary password...
CVE-2011-1025
bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name DN, which allows remote attackers to bypass intended access restrictions via an arbitrary password...
Design/Logic Flaw
modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service daemon crash via a relative Distinguished Name DN modification request aka MODRDN operation that contains an empty value for the OldDN field...
CVE-2011-1081
modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service daemon crash via a relative Distinguished Name DN modification request aka MODRDN operation that contains an empty value for the OldDN field...
openldap: DoS when submitting special MODRDN request
modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service daemon crash via a relative Distinguished Name DN modification request aka MODRDN operation that contains an empty value for the OldDN field...
RedHat Update for openldap RHSA-2010:0542-01
Check for the Version of openldap OpenVAS Vulnerability Test RedHat Update for openldap RHSA-2010:0542-01 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
IBM Lotus Domino LDAP Server Invalid DN Message Buffer Overflow (CVE-2007-1739)
IBM Lotus Domino Server is a collaboration software that provides mail, messaging, calendaring and scheduling capabilities across multiple platforms. The product implements numerous services based on open standards, including LDAP, SMTP, IMAP, and POP3. There exist a buffer overflow vulnerability...
PT-2009-2789 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to the fixed version Description: A spoofing issue exists due to incomplete validation of the distinguished name in a digital certificate. This can be combined with other attacks, such as DNS spoofing, allowin...
CVE-2008-4989
The gnutlsx509verifycertificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguishe...
Code injection
The gnutlsx509verifycertificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguishe...
CVE-2008-4989
The gnutlsx509verifycertificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguishe...
gnutls: certificate chain verification flaw
The gnutlsx509verifycertificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguishe...
Firefox self signed certificate flaw
Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also...
Authentication flaw
The ExpandCert function in Apache-SSL before apache1.3.41+ssl1.59 does not properly handle 1 '/' and 2 '=' characters in a Distinguished Name DN in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables...
CVE-2008-0555
The ExpandCert function in Apache-SSL before apache1.3.41+ssl1.59 does not properly handle 1 '/' and 2 '=' characters in a Distinguished Name DN in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables...
CVE-2008-0555
CVE-2008-0555 affects Apache-SSL: ExpandCert() mishandles '/' and '=' in a client certificate DN, enabling a crafted DN to overwrite environment variables and potentially bypass authentication. Affected: Apache-SSL before apache_1.3.41+ssl_1.59. Mitigation: upgrade to apache_1.3.41+ssl_1.59.
Low: Red Hat Security Advisory: openldap security and bug-fix update
A updated openldap packages that fix a security flaw and a memory leak bug are now available for Red Hat Enterprise Linux 3. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenLDAP is an open source suite of LDAP Lightweight Directory Access Protoc...
CVE-2006-1782
Unspecified vulnerability in Solaris 8 and 9 allows local users to obtain the LDAP Directory Server root Distinguished Name rootDN password when a privileged user 1 runs idsconfig; or "insecurely" runs LDAP2 commands with the -w option, including 2 ldapadd, 3 ldapdelete, 4 ldapmodify, 5 ldapmodrd...
DEBIAN-CVE-2004-0488
Stack-based buffer overflow in the sslutiluuencodebinary function in sslutil.c for Apache modssl, when modssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN...