79 matches found
EUVD-2011-1096
Malware in sbrugna...
SUSE CVE-2008-0658
slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698...
SUSE CVE-2010-0211
The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing...
SUSE SLES12 Security Update : openldap2 (SUSE-SU-2020:3315-1)
This update for openldap2 fixes the following issues: CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE securit...
SUSE-SU-2020:3315-1 Security update for openldap2
This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387)...
SUSE-SU-2020:14541-1 Security update for openldap2
This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387)...
Debian: Security Advisory (DLA-2425-1)
The remote host is missing an update for the Debian...
Debian DSA-4782-1 : openldap - security update
A vulnerability in the handling of normalization with modrdn was discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unauthenticated remote attacker can use this flaw to cause a denial of service (slapd daemon crash) via a specially crafted packet. C Tenab...
Debian DLA-2425-1 : openldap security update
A vulnerability in the handling of normalization with modrdn was discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unauthenticated remote attacker can use this flaw to cause a denial of service (slapd daemon crash) via a specially crafted packet. For...
[SECURITY] [DLA 2425-1] openldap security update
Debian LTS Advisory DLA-2425-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta November 01, 2020 https://wiki.debian.org/LTS -...
Denial Of Service (DoS)
openldap is vulnerable to denial of service (DoS). The vulnerability exists as multiple flaws were discovered in the way the slapd daemon handled modify relative distinguished name (modrdn) requests. An authenticated user with privileges to perform modrdn operations could use these flaws to crash the...
Denial Of Service (DoS)
openldap is vulnerable to denial of service (DoS). The vulnerability exists as an authenticated user with privileges to perform modrdn operations could use these flaws to crash the slapd daemon via specially-crafted modrdn requests...
Authorization Bypass
389-ds-base is vulnerable to authorization bypass. The ACL is not properly updated after an LDAP modrdn operation, allowing authenticated users to access resources that are otherwise restricted by the defined ACLs...
[SECURITY] [DLA 1428-1] 389-ds-base security update
Package: 389-ds-base. Version: 1.3.3.5-4+deb8u1. CVE ID: CVE-2015-1854 CVE-2017-15134 CVE-2018-1054 CVE-2018-1089 CVE-2018-10850. CVE-2015-1854: A flaw was found while doing authorization of modrdn operations. An unauthenticated attacker able to issue an ldapmodrdn call to the directory server cou...
Oracle: Security Advisory (ELSA-2008-0110)
The remote host is missing an update for the...
Red Hat 389 Directory Server modrdn Security Bypass Vulnerability
Red Hat 389 Directory Server (formerly known as Fedora Directory Server) is an enterprise-class Linux directory server from Red Hat. The server fully supports the LDAPv3 specification and features scalability, multi-master replication, and more. A security bypass vulnerability exists in Red Hat 389...
389-ds-base security update
1.3.3.1-16 - release 1.3.3.1-16 - Resolves: bug 1212894 - CVE-2015-1854 389ds-base: access control bypass with modrdn...
Oracle Linux 5 : openldap (ELSA-2010-0542)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2010-0542 advisory. 2.3.43-12.1 - fixed segfault issues in modrdn 606375 - added patch handling null char in TLS to compat package 606375, patch backported by Jan Vcelak...
389-ds-base: Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in ACL (ACL rules bypass possible)
389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry...
DEBIAN-CVE-2012-4450
389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry...