116 matches found
Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in OpenLDAP (CVE-2015-6908)
Summary A vulnerability in OpenLDAP affects IBM Security Access Manager appliances. Vulnerability Details CVEID: CVE-2015-6908 DESCRIPTION: OpenLDAP is vulnerable to a denial of service, caused by an assertion error in the bergetnext function. By sending a specially-crafted packet, a remote...
Ubuntu 14.04 LTS / 16.04 LTS : OpenLDAP vulnerability (USN-3307-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3307-1 advisory. Karsten Heymann discovered that OpenLDAP incorrectly handled certain search requests. A remote attacker could use this issue to cause slapd to crash,...
OpenLDAP Denial of Service Vulnerability (CNVD-2015-06013)
OpenLDAP is a free and open source implementation of the Lightweight Directory Access Protocol LDAP from the OpenLDAP Foundation in the United States, which is included in Linux distributions. A security vulnerability in the 'bergetnext' function in the libraries/liblber/io.c file in OpenLDAP...
Vulnerabilities of the Gentoo Linux operating system, which allow a malicious individual to compromise the confidentiality, integrity, and accessibility of protected information
Multiple vulnerabilities in the openldap package up to version 2.2.28-r3 of the Gentoo Linux operating system. Exploitation of these vulnerabilities may lead to violations of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited locally...
The vulnerability of the CentOS operating system allows a malicious attacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the openldap-2.3.43 package for the CentOS operating system can be exploited, leading to violations of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited remotely by a malicious individual who has completed the...
CVE-2014-9713
The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors...
CVE-2015-1546
Double free vulnerability in the getvrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service crash via a crafted search query with a matched values control...
CVE-2015-1545
The derefparseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service NULL pointer dereference and crash via an empty attribute list in a deref control in a search request...
CVE-2013-4449
The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service slapd crash by unbinding immediately after a search request, which triggers rwmconndestroy to free the session context while it is being used by...
CVE-2011-4079
Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and earlier allows remote attackers to cause a denial of service slapd crash via a zero-length string that triggers a heap-based buffer overflow, as demonstrated using an empty postalAddressAttribute value in an LDIF entry...
PT-2011-1193 · Openldap · Openldap
Name of the Vulnerable Software and Affected Versions: OpenLDAP versions 2.4.26 and earlier Description: The issue is related to an off-by-one error in the UTF8StringNormalize function, which can be exploited by remote attackers to cause a denial of service slapd crash via a zero-length string...
CVE-2011-1081
modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service daemon crash via a relative Distinguished Name DN modification request aka MODRDN operation that contains an empty value for the OldDN field...
CVE-2011-1024
chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicyforwardupdates aka authentication-failure forwarding is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a sla...
CVE-2010-0211
The slapmodrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smrnormalize function, which allows remote attackers to cause a denial of service segmentation fault and possibly execute arbitrary code via a modrdn call with an RDN string containing...
CVE-2009-3767
libraries/libldap/tlso.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers vi...
CentOS Update for compat-openldap CESA-2008:0110 centos5 i386
Check for the Version of compat-openldap OpenVAS Vulnerability Test CentOS Update for compat-openldap CESA-2008:0110 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...
DTSA-151-1 openldap - denial of service
Bulletin has no description...
CVE-2008-2952
liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service program termination via crafted ASN.1 BER datagrams that trigger an assertion error...
CVE-2004-0823
OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed crypt passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed...
GLSA-200403-12 : OpenLDAP DoS Vulnerability
The remote host is affected by the vulnerability described in GLSA-200403-12 OpenLDAP DoS Vulnerability A password extended operation password EXOP which fails will cause the slapd server to free an uninitialized pointer, possibly resulting in a segfault. This only affects servers using the...