Lucene search

Ubuntu.comUB:CVE-2005-2377

HistoryJul 26, 2005 - 12:00 a.m.

CVE-2005-2377

2005-07-2600:00:00

ubuntu.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.01 Low

EPSS

Percentile

83.5%

JSON

nss_ldap 181 to versions before 213, as used in Mandrake Corporate Server
and Mandrake 10.0, and other operating systems, does not properly handle a
SIGPIPE signal when sending a search request to an LDAP directory server,
which might allow remote attackers to cause a denial of service (crond and
other application crash) if they can cause an LDAP server to become
unavailable. NOTE: it is not clear whether this attack scenario is
sufficient to include this item in CVE.

References

launchpad.net/bugs/cve/CVE-2005-2377

nvd.nist.gov/vuln/detail/CVE-2005-2377

security-tracker.debian.org/tracker/CVE-2005-2377

www.cve.org/CVERecord?id=CVE-2005-2377

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.01 Low

EPSS

Percentile

83.5%

JSON

Related for UB:CVE-2005-2377