CVE-2005-2069
https://notcve.org/view.php?id=CVE-2005-2069
pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password. • http://archives.neohapsis.com/archives/fulldisclosure/2005-07/0060.html http://bugs.gentoo.org/show_bug.cgi?id=96767 http://bugzilla.padl.com/show_bug.cgi?id=210 http://bugzilla.padl.com/show_bug.cgi?id=211 http://secunia.com/advisories/17233 http://secunia.com/advisories/17845 http://secunia.com/advisories/21520 http://support.avaya.com/elmodocs2/security/ASA-2006-157.htm http://www.gentoo.org/security/en/glsa/glsa-200507-13.xml http://www.openldap.org/its/inde • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2004-1880
https://notcve.org/view.php?id=CVE-2004-1880
Memory leak in the back-bdb backend for OpenLDAP 2.1.12 and earlier allows remote attackers to cause a denial of service (memory consumption). • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000685 http://secunia.com/advisories/9203 http://www.osvdb.org/17000 •
CVE-2004-0823
https://notcve.org/view.php?id=CVE-2004-0823
OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them. • http://secunia.com/advisories/12491 http://secunia.com/advisories/17233 http://secunia.com/advisories/21520 http://support.avaya.com/elmodocs2/security/ASA-2006-157.htm http://www.auscert.org.au/render.html?it=4363 http://www.redhat.com/support/errata/RHSA-2005-751.html http://www.securityfocus.com/advisories/7148 http://www.securityfocus.com/bid/11137 https://exchange.xforce.ibmcloud.com/vulnerabilities/17300 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre •
CVE-2003-1201
https://notcve.org/view.php?id=CVE-2003-1201
ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for OpenLDAP 2.1.12 and earlier, when the slap_passwd_parse function does not return LDAP_SUCCESS, attempts to free an uninitialized pointer, which allows remote attackers to cause a denial of service (segmentation fault). • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000685 http://secunia.com/advisories/11261 http://secunia.com/advisories/9203 http://security.gentoo.org/glsa/glsa-200403-12.xml http://www.openldap.org/its/index.cgi?findid=2390 http://www.osvdb.org/17000 http://www.securityfocus.com/bid/7656 https://exchange.xforce.ibmcloud.com/vulnerabilities/12520 • CWE-824: Access of Uninitialized Pointer •
CVE-2002-1508
https://notcve.org/view.php?id=CVE-2002-1508
slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users to overwrite arbitrary files via a race condition during the creation of a log file for rejected replication requests. slapd en OpenLDAP2 (OpenLDAP 2) 2.2.0 y anteriores permiten a usuarios locales sobreescribir ficheros arbitrarios mediante una condición de carrera durante la creación de un fichero de registro de peticiones de replicación rechazadas. • http://www.debian.org/security/2003/dsa-227 http://www.iss.net/security_center/static/11288.php http://www.mandriva.com/security/advisories?name=MDKSA-2003:006 http://www.novell.com/linux/security/advisories/2002_047_openldap2.html http://www.redhat.com/support/errata/RHSA-2003-040.html https://access.redhat.com/security/cve/CVE-2002-1508 https://bugzilla.redhat.com/show_bug.cgi?id=1616918 •