CVE-2004-0823
https://notcve.org/view.php?id=CVE-2004-0823
OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them. • http://secunia.com/advisories/12491 http://secunia.com/advisories/17233 http://secunia.com/advisories/21520 http://support.avaya.com/elmodocs2/security/ASA-2006-157.htm http://www.auscert.org.au/render.html?it=4363 http://www.redhat.com/support/errata/RHSA-2005-751.html http://www.securityfocus.com/advisories/7148 http://www.securityfocus.com/bid/11137 https://exchange.xforce.ibmcloud.com/vulnerabilities/17300 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre •
CVE-2003-1201
https://notcve.org/view.php?id=CVE-2003-1201
ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for OpenLDAP 2.1.12 and earlier, when the slap_passwd_parse function does not return LDAP_SUCCESS, attempts to free an uninitialized pointer, which allows remote attackers to cause a denial of service (segmentation fault). • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000685 http://secunia.com/advisories/11261 http://secunia.com/advisories/9203 http://security.gentoo.org/glsa/glsa-200403-12.xml http://www.openldap.org/its/index.cgi?findid=2390 http://www.osvdb.org/17000 http://www.securityfocus.com/bid/7656 https://exchange.xforce.ibmcloud.com/vulnerabilities/12520 • CWE-824: Access of Uninitialized Pointer •
CVE-2002-1508
https://notcve.org/view.php?id=CVE-2002-1508
slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users to overwrite arbitrary files via a race condition during the creation of a log file for rejected replication requests. slapd en OpenLDAP2 (OpenLDAP 2) 2.2.0 y anteriores permiten a usuarios locales sobreescribir ficheros arbitrarios mediante una condición de carrera durante la creación de un fichero de registro de peticiones de replicación rechazadas. • http://www.debian.org/security/2003/dsa-227 http://www.iss.net/security_center/static/11288.php http://www.mandriva.com/security/advisories?name=MDKSA-2003:006 http://www.novell.com/linux/security/advisories/2002_047_openldap2.html http://www.redhat.com/support/errata/RHSA-2003-040.html https://access.redhat.com/security/cve/CVE-2002-1508 https://bugzilla.redhat.com/show_bug.cgi?id=1616918 •
CVE-2002-1379
https://notcve.org/view.php?id=CVE-2002-1379
OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local attackers to execute arbitrary code when libldap reads the .ldaprc file within applications that are running with extra privileges. Múltiples vulnerabilidades desconocidas en OpenLDAP2 (OpenLDAP2) 2.2.0 y anteriores, que no son desbordamientos de búfer como los descritos en CAN-2002-1378, permiten atacantes remotos o locales ejecutar código arbitrario. • http://www.debian.org/security/2003/dsa-227 http://www.mandriva.com/security/advisories?name=MDKSA-2003:006 http://www.novell.com/linux/security/advisories/2002_047_openldap2.html https://access.redhat.com/security/cve/CVE-2002-1379 https://bugzilla.redhat.com/show_bug.cgi?id=1616900 •
CVE-2002-1378
https://notcve.org/view.php?id=CVE-2002-1378
Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allow remote attackers to execute arbitrary code via (1) long -t or -r parameters to slurpd, (2) a malicious ldapfilter.conf file that is not properly handled by getfilter functions, (3) a malicious ldaptemplates.conf that causes an overflow in libldap, (4) a certain access control list that causes an overflow in slapd, or (5) a long generated filename for logging rejected replication requests. Múltiples desbordamientos de búfer en OpenLDAP22 (OpenLDAP 2) 2.2.0 y anteriores permiten a atacantes remotos ejecutar código arbitrario. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000556 http://www.ciac.org/ciac/bulletins/n-043.shtml http://www.debian.org/security/2003/dsa-227 http://www.linuxsecurity.com/advisories/gentoo_advisory-2704.html http://www.mandriva.com/security/advisories?name=MDKSA-2003:006 http://www.novell.com/linux/security/advisories/2002_047_openldap2.html http://www.redhat.com/support/errata/RHSA-2003-040.html http://www.securityfocus.com/advisories/4827 http://www.securityfocus •