Vulnerability Details: CVE-2006-5779
OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.
Vulnerability category: Denial of service
Products affected by CVE-2006-5779
- cpe:2.3:a:openldap:openldap:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
Threat overview for CVE-2006-5779
Top open port discovered on systems with this issue: 389
IPs affected by CVE-2006-5779: 832
Threat actors abusing this issue? Yes
Powered by attack surface intelligence from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2006-5779
- EPSS score: 74.99% (probability of exploitation activity in the next 30 days)
- Percentile: ~98% (the proportion of vulnerabilities that are scored at or below this score)
CVSS scores for CVE-2006-5779
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | 2024-02-08 |
CWE ids for CVE-2006-5779
- Assigned by: nvd@nist.gov (Primary)
- The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2006-5779
- Red Hat, 2007-03-14: Not Vulnerable. The OpenLDAP versions shipped with Red Hat Enterprise Linux 4 and earlier do not contain the vulnerable code in question. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
References for CVE-2006-5779
- https://issues.rpath.com/browse/RPL-820 [Broken Link]
- http://secunia.com/advisories/23133 [Broken Link; Vendor Advisory]
- http://secunia.com/advisories/22996 [Broken Link; Vendor Advisory]
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:208 [Broken Link]
- http://secunia.com/advisories/23152 [Broken Link; Vendor Advisory]
- http://secunia.com/advisories/22750 [Broken Link; Vendor Advisory]
- http://www.securityfocus.com/bid/20939 [Broken Link; Exploit; Third Party Advisory; VDB Entry]
- http://secunia.com/advisories/23125 [Broken Link; Vendor Advisory]
- http://gleg.net/vulndisco_meta.shtml [Broken Link; Exploit]
- http://securitytracker.com/id?1017166 [Broken Link; Exploit; Third Party Advisory; VDB Entry]
- http://www.ubuntu.com/usn/usn-384-1 "USN-384-1: OpenLDAP vulnerability | Ubuntu security notices | Ubuntu" [Third Party Advisory]
- http://security.gentoo.org/glsa/glsa-200611-25.xml "OpenLDAP: Denial of Service vulnerability (GLSA 200611-25) - Gentoo security" [Third Party Advisory]
- http://www.securityfocus.com/archive/1/450728/100/0/threaded [Broken Link; Third Party Advisory; VDB Entry]
- http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.033-openldap.html [Broken Link]
- http://www.vupen.com/english/advisories/2006/4379 [Broken Link; Vendor Advisory]
- http://www.trustix.org/errata/2006/0066/ [Broken Link]
- http://secunia.com/advisories/22953 [Broken Link; Vendor Advisory]
- http://secunia.com/advisories/23170 [Broken Link; Vendor Advisory]
- http://www.novell.com/linux/security/advisories/2006_72_openldap2.html [Broken Link]
- http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4740 "4740 – SASL bind assert" [Exploit; Issue Tracking]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30076 "OpenLDAP BIND denial of service CVE-2006-5779 Vulnerability Report" [Third Party Advisory; VDB Entry]
- http://gleg.net/downloads/VULNDISCO_META_FREE.tar.gz [Broken Link; Exploit]
- http://securityreason.com/securityalert/1831 "VulnDisco Pack for Metasploit - CXSecurity.com" [Broken Link]