Lucene search

22 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 1 view

Astra Linux - vulnerability in openldap

In OpenLDAP versions 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function due to a malicious packet. This leads to a denial of service (daemon exit) caused by a short timestamp. This issue is related to the schema_init.c file and the...

CVSS 7.5 | AI score 7.1 | EPSS 0.25115
Exploits: 1 | References: 1

Tenable Nessus
added 2026/05/11 12:0 a.m. | 5 views

Unity Linux 20.1060e / 20.1070e Security Update: openldap (UTSA-2026-017550)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017550 advisory. An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of...

CVSS 7.5 | AI score 6.9 | EPSS 0.7152
Exploits: 0 | References: 4

OSV
added 2026/04/21 12:4 a.m. | 1 view

JLSEC-2026-162

A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23. The highest threat from this vulnerability is to system availability...

CVSS 7.5 | AI score 5.7 | EPSS 0.1746
Exploits: 0 | References: 14

Tenable Nessus
added 2025/11/13 12:0 a.m. | 2 views

Siemens SIMATIC S7-1500 Improper Neutralization of Special Elements used in an SQL Command (CVE-2022-29155)

In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping...

CVSS 9.8 | AI score 7.1 | EPSS 0.13614
Exploits: 1 | References: 4

Tenable Nessus
added 2025/11/13 12:0 a.m. | 2 views

Siemens SIMATIC S7-1500 Reachable Assertion (CVE-2020-36230)

A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

CVSS 7.5 | AI score 6.8 | EPSS 0.03549
Exploits: 0 | References: 3

OSV
added 2023/07/18 5:45 p.m. | 1 view

CLSA-2023-1689702307 openldap: Fix of CVE-2023-2953

CVE-2023-2953: added check for strdup failure, to avoid null pointer dereference...

CVSS 7.5 | AI score 6.9 | EPSS 0.01419
Exploits: 0 | References: 1

SUSE CVE
added 2023/02/15 6:15 a.m. | 1 view

SUSE CVE-2006-2754

Stack-based buffer overflow in st.c in slurpd for OpenLDAP before 2.3.22 might allow attackers to execute arbitrary code via a long hostname...

CVSS 5 | AI score 8.3 | EPSS 0.00493
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 4:10 a.m. | 1 view

SUSE CVE-2019-13565

An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs...

CVSS 6.5 | AI score 7 | EPSS 0.04191
Exploits: 0 | References: 49

OSV
added 2022/05/26 5:15 p.m. | 1 view

DEBIAN-CVE-2022-22576

An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse of OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocol...

CVSS 8.1 | AI score 6.6 | EPSS 0.00348
Exploits: 1 | References: 1

Microsoft CVE
added 2021/01/30 8:0 a.m. | 2 views

A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring resulting in denial of service.

...

CVSS 7.5 | AI score 7 | EPSS 0.04953
Exploits: 0

OSV
added 2021/01/26 6:15 p.m. | 0 views

UBUNTU-CVE-2020-36230

A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service...

CVSS 7.5 | AI score 6.9 | EPSS 0.03549
Exploits: 0 | References: 4

OSV
added 2021/01/26 6:15 p.m. | 0 views

UBUNTU-CVE-2020-36228

An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service...

CVSS 7.5 | AI score 7 | EPSS 0.7152
Exploits: 0 | References: 4

Positive Technologies
added 2021/01/25 12:0 a.m. | 1 view

PT-2021-5553 · Openldap +7

Name of the Vulnerable Software and Affected Versions: OpenLDAP versions prior to 2.4.57
Description: A flaw was discovered in OpenLDAP leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. This issue can be exploited by a remote attacker by...

CVSS 7.8 | AI score 6.9 | EPSS 0.7152
Exploits: 1 | References: 161

Positive Technologies
added 2021/01/25 12:0 a.m. | 1 view

PT-2021-5554 · Openldap +7

Name of the Vulnerable Software and Affected Versions: OpenLDAP versions prior to 2.4.57
Description: The issue is related to a double free memory error during the handling of the Values Return Filter control, which can lead to a denial of service (DoS) when a specially crafted request is sent to...

CVSS 7.8 | AI score 6.7 | EPSS 0.7152
Exploits: 1 | References: 160

OSV
added 2020/11/13 12:0 a.m. | 0 views

UBUNTU-CVE-2020-25710

A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23. The highest threat from this vulnerability is to system availability...

CVSS 7.5 | AI score 7.1 | EPSS 0.1746
Exploits: 0 | References: 4

OSV
added 2019/12/19 6:15 p.m. | 0 views

UBUNTU-CVE-2019-19906

cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl...

CVSS 7.5 | AI score 7.2 | EPSS 0.00481
Exploits: 1 | References: 3

OSV
added 2017/06/01 2:4 p.m. | 0 views

USN-3307-1 openldap vulnerability

Karsten Heymann discovered that OpenLDAP incorrectly handled certain search requests. A remote attacker could use this issue to cause slapd to crash, resulting in a denial of service...

CVSS 6.5 | AI score 6.8 | EPSS 0.2275
Exploits: 1 | References: 2

OSV
added 2017/05/29 4:29 p.m. | 1 view

ALPINE-CVE-2017-9287

servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0...

CVSS 6.5 | AI score 6.9 | EPSS 0.2275
Exploits: 1 | References: 1

Silent Robot Systems
added 2015/02/26 4:0 a.m. | 11 views

ldapsearch notes

I seem to find open LDAP servers on the Internet more often than I should. Here are some notes on using ldapsearch. Installing ldapsearch on Ubuntu: apt-get install ldap-utils. Root-DSE object: nmap includes a script to gather info from a LDAP root-dse object. We can also use ldapsearch ...

AI score 6.9
Exploits: 0

Kitploit
added 2014/02/28 9:39 p.m. | 12 views

[Directory Scanner v3.0] Remote Directory Server Fingerprinting Tool

Directory Scanner is the FREE Directory Server fingerprinting tool. It can help you to remotely detect the type of Directory servers such as Microsoft Active Directory, Novell eDirectory etc running on the local network as well as Internet. In addition to this, it can greatly help administrators ...

AI score 6.6
Exploits: 0