2399 matches found
Multiple versions of OpenLDAP are vulnerable to denial-of-service attacks
Overview: Multiple versions of OpenLDAP contain vulnerabilities that may allow denial-of-service attacks. These vulnerabilities were revealed using the PROTOS LDAPv3 test suite and are documented in CERT Advisory CA-2001-18. If your site uses this product, the CERT/CC encourages you to follow the...
CVE-2001-0977
slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field...
CVE-2000-0748
OpenLDAP 1.2.11 and earlier improperly installs the ud binary with group write permissions, which could allow any user in that group to replace the binary with a Trojan horse...
CVE-2000-0747
The logrotate script for OpenLDAP before 1.2.11 in Conectiva Linux sends an improper signal to the kernel log daemon (klogd) and kills it...
CVE-2000-0748
OpenLDAP 1.2.11 and earlier is affected by CVE-2000-0748 due to the ud binary being installed with group write permissions. This allows any user in the affected group to replace the ud binary with a Trojan horse, enabling potential tampering of LDAP operations. The CVSS v2 metrics indicate LOCAL ...
Linux news 8.09.00
Linux Kernel 2.4.0 test8 pre6: The sixth pre-release of the eighth test kernel, Linux Kernel 2.4.0, has been released. Details: http://linuxtoday.com/newsstory.php3?ltsn=2000-09-06-002-04-NW-KN Linux 2.0.39pre8: David Weinehall has released the next pre-version of the new kernel from the old stable Linux series: 2.0.39pre8...
Linux news 5.09.00
Linux 2.2.17: A new kernel from the stable series, 2.2.17, has been released. Details: http://www.linux.org.uk/VERSION/relnotes.2217.html Linux 2.2.18pre3: Alan Cox has released the 1st pre-version of the "after-next" stable Linux kernel, 2.2.18. Work on the next stable Linux kernel, 2.2.17, ended at pre20,...
Problems with OpenLDAP
executables are installed with permissions that allow group write access...
Group-writable executable in OpenLDAP
OpenLDAP installs the ud binary in $binpath with mode 775 and default group, i.e. either your primary gid or the directory's gid. Of course the consequences depend on which group this actually is. This was checked with 1.2.11 (latest stable), but probably also exists in earlier versions, since the...
CVE-2000-0336
Summary: CVE-2000-0336 affects the OpenLDAP server, where local users can modify arbitrary files via a symlink attack. The root cause described in connected Nessus/Mandrake entries is that OpenLDAP follows symbolic links when creating files, using a default location like /usr/tmp (symlinked to /t...
CVE-2000-0336
Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack...
Security Advisory
Red Hat, Inc. Security Advisory Synopsis: New openldap packages. Advisory ID: RHSA-2000:012-05 Issue date: 2000-04-13 Updated on: 2000-04-21 Product: Red Hat Linux Keywords: openldap startup symlink overwrite denial Cross...
OpenLDAP 1.2.7/1.2.8/1.2.9/1.2.10 - '/usr/tmp/' Symlink
source: https://www.securityfocus.com/bid/1232/info A vulnerability exists in OpenLDAP as shipped with some versions of Linux, including RedHat 6.1 and 6.2, and TurboLinux 6.0.2 and earlier. OpenLDAP will create files in /usr/tmp, which is actually a symbolic link to the world writable /tmp...
OpenLDAP 1.2.7/1.2.8/1.2.9/1.2.10 - '/usr/tmp/' Symlink
source: https://www.securityfocus.com/bid/1232/info A vulnerability exists in OpenLDAP as shipped with some versions of Linux, including RedHat 6.1 and 6.2, and TurboLinux 6.0.2 and earlier. OpenLDAP will create files in /usr/tmp, which is actually ...
DUO-PSA-2020-002: Duo Product Security Advisory
Duo Product Security Advisory Advisory ID: DUO-PSA-2020-002 Publication Date: 2020-04-28 Revision Date: 2020-04-28 Status: Confirmed, Fixed Document Revision: 1 Overview Duo Engineering has identified and fixed an issue with directory sync for on-premises Microsoft Active Directory, OpenLDAP, and...
PT-2010-5625 · Openldap +1 · Libldap +3
Name of the Vulnerable Software and Affected Versions: openldap versions 2.2.13 through 2.4.22 openldap versions prior to 2.4.35 openldap-clients-2.2.13 openldap-servers-2.2.13 openldap-servers-sql-2.2.13 openldap-devel-2.2.13 compat-openldap-2.1.30 libldap-2.4-2 libldap-2.4-2-dbg libldap2-dev...
PT-2006-7589 · Openldap · Openldap
Name of the Vulnerable Software and Affected Versions: OpenLDAP versions prior to 2.3.29 Description: The issue allows remote attackers to cause a denial of service, resulting in a daemon crash, via LDAP BIND requests with long authcid names. This triggers an assertion failure, leading to a...