394 matches found
RHEL 8 : 389-ds (RHSA-2024:4235)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4235 advisory. 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP...
K000140040: OpenLDAP slapd vulnerabilities CVE-2020-36230, CVE-2020-36229, CVE-2017-17740, CVE-2017-9287, and CVE-2017-14159
Security Advisory Description CVE-2020-36230 A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c bernextelement, resulting in denial of service. CVE-2020-36229 A flaw was discovered in ldapX509dn2bv in OpenLDAP before 2.4.57...
RHEL 7 : openldap (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openldap: ACL restrictions bypass due to saslssf value being set permanently CVE-2019-13565 -...
CVE-2024-2199 389-ds-base: malformed userpassword may cause crash at do_modify in slapd/modify.c
A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying userPassword using malformed input...
BIT-OPENLDAP-2020-36223
A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service double free and out-of-bounds read...
BIT-OPENLDAP-2022-29155
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping...
CLSA-2023-1695834945 openldap: Fix of 2 CVEs
CVE-2022-29155: fix a SQL injection vulnerability in the back-sql backend to slapd - CVE-2021-27212: fix denial of service daemon exit via a short timestamp if slapd is used...
EulerOS Virtualization 3.0.2.0 : openldap (EulerOS-SA-2023-1725)
According to the versions of the openldap packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend...
Amazon Linux AMI : openldap (ALAS-2023-1741)
The version of openldap installed on the remote host is prior to 2.4.40-16.36. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1741 advisory. An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and...
SUSE CVE-2006-4600
slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List ACL privileges to modify arbitrary Distinguished Names DN...
SUSE CVE-2007-6698
The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service crash via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability...
SUSE CVE-2008-0658
slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service daemon crash via a modrdn operation with a NOOP LDAPXNOOPERATION control, a related issue to CVE-2007-6698...
SUSE CVE-2011-1081
modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service daemon crash via a relative Distinguished Name DN modification request aka MODRDN operation that contains an empty value for the OldDN field...
SUSE CVE-2011-4079
Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and earlier allows remote attackers to cause a denial of service slapd crash via a zero-length string that triggers a heap-based buffer overflow, as demonstrated using an empty postalAddressAttribute value in an LDIF entry...
SUSE CVE-2012-1164
slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service assertion failure and daemon exit via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned...
SUSE CVE-2014-8182
An off-by-one error leading to a crash was discovered in openldap 2.4 when processing DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash the service with crafted DNS responses...
SUSE CVE-2015-6908
The bergetnext function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service reachable assertion and application crash via crafted BER data, as demonstrated by an attack against slapd...
SUSE CVE-2017-14159
slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill cat /pathname" command, ...
SUSE CVE-2018-14624
A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in logerroremergency. An attacker could send a flood of modifications to a very large DN, which would cause slapd t...
SUSE CVE-2018-14638
A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in deletepasswdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service...