CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Openldap : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-4449 189 DoS 2014-02-05 2014-04-19
4.3
None Remote Medium Not required None None Partial
The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.
2 CVE-2012-2668 200 +Info 2012-06-16 2012-09-07
4.3
None Remote Medium Not required Partial None None
libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, when using the Mozilla NSS backend, always uses the default cipher suite even when TLSCipherSuite is set, which might cause OpenLDAP to use weaker ciphers than intended and make it easier for remote attackers to obtain sensitive information.
3 CVE-2012-1164 119 DoS Overflow 2012-06-29 2013-04-04
2.6
None Remote High Not required None None Partial
slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned.
4 CVE-2011-4079 189 DoS Overflow 2011-10-27 2012-02-16
4.0
None Remote Low Single system None None Partial
Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and earlier allows remote attackers to cause a denial of service (slapd crash) via a zero-length string that triggers a heap-based buffer overflow, as demonstrated using an empty postalAddressAttribute value in an LDIF entry.
5 CVE-2011-1081 399 DoS 2011-03-19 2011-09-06
5.0
None Remote Low Not required None None Partial
modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field.
6 CVE-2011-1025 287 Bypass 2011-03-19 2011-09-06
6.8
None Remote Medium Not required Partial Partial Partial
bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password.
7 CVE-2011-1024 264 Bypass 2011-03-19 2011-09-06
4.6
None Remote High Single system Partial Partial Partial
chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server.
8 CVE-2010-0212 264 DoS 2010-07-28 2011-01-12
5.0
None Remote Low Not required None None Partial
OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite.
9 CVE-2010-0211 264 DoS Exec Code 2010-07-28 2011-01-12
5.0
None Remote Low Not required None None Partial
The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.
10 CVE-2009-3767 310 2009-10-23 2011-08-26
6.8
None Remote Medium Not required Partial Partial Partial
libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
11 CVE-2008-2952 399 DoS 2008-07-01 2011-10-11
5.0
None Remote Low Not required None None Partial
liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error.
12 CVE-2008-0658 399 DoS 2008-02-13 2010-08-21
4.0
None Remote Low Single system None None Partial
slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698.
13 CVE-2007-6698 399 DoS 2008-02-01 2010-08-21
4.0
None Remote Low Single system None None Partial
The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability.
14 CVE-2007-5708 399 DoS 2007-10-30 2008-09-10
7.1
None Remote Medium Not required None None Complete
slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when running as a proxy-caching server, allocates memory using a malloc variant instead of calloc, which prevents an array from being initialized properly and might allow attackers to cause a denial of service (segmentation fault) via unknown vectors that prevent the array from being null terminated.
15 CVE-2007-5707 399 DoS 2007-10-30 2010-08-21
7.1
None Remote Medium Not required None None Complete
OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service (slapd crash) via an LDAP request with a malformed objectClasses attribute. NOTE: this has been reported as a double free, but the reports are inconsistent.
16 CVE-2006-6493 Exec Code Overflow 2006-12-12 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Buffer overflow in the krbv4_ldap_auth function in servers/slapd/kerberos.c in OpenLDAP 2.4.3 and earlier, when OpenLDAP is compiled with the --enable-kbind (Kerberos KBIND) option, allows remote attackers to execute arbitrary code via an LDAP bind request using the LDAP_AUTH_KRBV41 authentication method and long credential data.
17 CVE-2006-5779 399 DoS 2006-11-07 2011-08-26
5.0
None Remote Low Not required None None Partial
OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.
18 CVE-2006-4600 2006-09-06 2010-08-21
2.3
None Local Network Medium Single system None Partial None
slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN).
19 CVE-2006-2754 Exec Code Overflow 2006-06-01 2010-04-02
5.0
None Remote Low Not required None Partial None
Stack-based buffer overflow in st.c in slurpd for OpenLDAP before 2.3.22 might allow attackers to execute arbitrary code via a long hostname.
20 CVE-2005-4442 +Priv 2005-12-20 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.
21 CVE-2005-2069 2005-06-30 2010-08-21
5.0
None Remote Low Not required Partial None None
pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.
22 CVE-2004-1880 DoS 2004-12-31 2008-09-10
5.0
None Remote Low Not required None None Partial
Memory leak in the back-bdb backend for OpenLDAP 2.1.12 and earlier allows remote attackers to cause a denial of service (memory consumption).
23 CVE-2004-0823 2004-09-07 2010-08-21
7.5
None Remote Low Not required Partial Partial Partial
OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them.
24 CVE-2003-1201 DoS 2003-03-20 2008-09-05
5.0
None Remote Low Not required None None Partial
ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for OpenLDAP 2.1.12 and earlier, when the slap_passwd_parse function does not return LDAP_SUCCESS, attempts to free an uninitialized pointer, which allows remote attackers to cause a denial of service (segmentation fault).
25 CVE-2002-1508 2003-02-19 2008-09-10
1.2
None Local High Not required None Partial None
slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users to overwrite arbitrary files via a race condition during the creation of a log file for rejected replication requests.
26 CVE-2002-1379 Exec Code 2003-01-02 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local attackers to execute arbitrary code when libldap reads the .ldaprc file within applications that are running with extra privileges.
27 CVE-2002-1378 Exec Code Overflow 2003-01-02 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allow remote attackers to execute arbitrary code via (1) long -t or -r parameters to slurpd, (2) a malicious ldapfilter.conf file that is not properly handled by getfilter functions, (3) a malicious ldaptemplates.conf that causes an overflow in libldap, (4) a certain access control list that causes an overflow in slapd, or (5) a long generated filename for logging rejected replication requests.
28 CVE-2002-0045 2002-01-31 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
slapd in OpenLDAP 2.0 through 2.0.19 allows local users, and anonymous users before 2.0.8, to conduct a "replace" action on access controls without any values, which causes OpenLDAP to delete non-mandatory attributes that would otherwise be protected by ACLs.
29 CVE-2001-0977 DoS 2001-07-16 2008-09-05
5.0
None Remote Low Not required None None Partial
slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field.
30 CVE-2000-0748 2000-10-20 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
OpenLDAP 1.2.11 and earlier improperly installs the ud binary with group write permissions, which could allow any user in that group to replace the binary with a Trojan horse.
31 CVE-2000-0336 2000-04-21 2008-09-10
2.1
None Local Low Not required None Partial None
Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack.
Total number of vulnerabilities : 31   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.