394 matches found
Mandrake Linux Security Advisory : openldap (MDKSA-2007:215)
A flaw in the way OpenLDAP's slapd daemon handled malformed objectClasses LDAP attributes was discovered. A local or remote attacker could create an LDAP request that could cause a denial of service by crashing slapd. Updated packages have been patched to prevent this issue. %NASLMINLEVEL 70300 C...
openldap slapd DoS via objectClasses attribute
OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service slapd crash via an LDAP request with a malformed objectClasses attribute. NOTE: this has been reported as a double free, but the reports are inconsistent...
CVE-2007-5708
slapo-pcache overlays/pcache.c in slapd in OpenLDAP before 2.3.39, when running as a proxy-caching server, allocates memory using a malloc variant instead of calloc, which prevents an array from being initialized properly and might allow attackers to cause a denial of service segmentation fault v...
CVE-2007-3224
Unspecified vulnerability in Sun ONE/Java System Directory Server slapd 6.0, and 5.x before 5.2 Patch 5, allows remote attackers to determine the existence of attributes of an entry via unspecified vectors...
CVE-2007-3225
Sun Java System Directory Server (slapd) 6.0 and 5.2 with Patch 3 or 4 are affected by CVE-2007-3225. The vulnerability allows remote attackers to modify certain data via unknown vectors. The available documents do not specify the exact component/function/file/root cause, nor provide a confirmed ...
CVE-2007-3224
CVE-2007-3224 refers to an information-disclosure vulnerability in Sun Java System Directory Server (slapd) affecting versions 6.0 and 5.x before 5.2 Patch 5. The issue allows remote attackers to determine the existence of attributes of an entry via unspecified vectors. Connected sources (includi...
security flaw
slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List ACL privileges to modify arbitrary Distinguished Names DN...
security flaw
slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List ACL privileges to modify arbitrary Distinguished Names DN...
CVE-2006-4175
The CVE-2006-4175 issue affects Sun Java System Directory Server and ONE Directory Server (ns-slapd) versions 5.2 Patch4 and earlier, and 5.1/5.2 for ONE. Affected component: LDAP server; root cause: malformed BER queries in the BER decoding/cleanup path lead to a free of uninitialized memory. Im...
Apple OpenDirectory DoS
slapd assert on malformed bind request...
CVE-2005-3567
The CVE-2005-3567 entry concerns the slapd daemon in IBM Tivoli Directory Server (ITDS) versions 5.2.0 and 6.0.0. It describes a vulnerability where binds using SASL EXTERNAL can bypass authentication, enabling an attacker to modify and delete directory data via unspecified attack vectors. The co...
CVE-2002-1508
CVE-2002-1508 affects OpenLDAP2 (OpenLDAP 2) where the slapd service on version 2.2.0 and earlier is vulnerable to a race condition that can allow a local user to overwrite arbitrary files during the creation of a log file for rejected replication requests. The vulnerability is rooted in how the ...
CVE-2001-0977
CVE-2001-0977 affects slapd in OpenLDAP, where OpenLDAP 1.x prior to 1.2.12 and 2.x prior to 2.0.8 are vulnerable. The issue is triggered by receiving LDAP BER length fields with invalid lengths, allowing remote attackers to cause a denial-of-service crash. Public advisories describe this as a re...
CVE-2002-0045
The CVE affects OpenLDAP slapd prior to 2.0.20 (OpenLDAP 2.0.0–2.0.19; anonymous before 2.0.8) where a faulty ACL check allows a local/anonymous user to perform a replace operation with an empty value list. This bypasses access controls and can delete non-mandatory attributes that ACLs would norm...