CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2017-14159
https://notcve.org/view.php?id=CVE-2017-14159
slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript. slapd en OpenLDAP en su versión 2.4.45 y anteriores crea un archivo PID tras eliminar privilegios a una cuenta no-root, lo que podría permitir que usuarios locales terminen procesos arbitrarios aprovechando el acceso a esta cuenta no-root para modificar el archivo PID antes de que un script root ejecute un comando "kill `cat /pathname`". Esto se ha demostrado con openldap-initscript. • http://www.openldap.org/its/index.cgi?findid=8703 https://www.oracle.com/security-alerts/cpuapr2022.html • CWE-665: Improper Initialization •
CVSS: 6.5EPSS: 89%CPEs: 16EXPL: 1CVE-2017-9287 – openldap: Double free vulnerability in servers/slapd/back-mdb/search.c
https://notcve.org/view.php?id=CVE-2017-9287
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0. servers/slapd/back-mdb/search.c en OpenLDAP hasta la versión 2.4.44 es propenso a una doble vulnerabilidad de liberación de memoria. Un usuario con acceso para buscar en el directorio puede hacer que slapd deje de funcionar al emitir una búsqueda que incluya el control Paged Results con un tamaño de página de 0. A double-free flaw was found in the way OpenLDAP's slapd server using the MDB backend handled LDAP searches. A remote attacker with access to search the directory could potentially use this flaw to crash slapd by issuing a specially crafted LDAP search query. • http://www.debian.org/security/2017/dsa-3868 http://www.openldap.org/its/?findid=8655 http://www.securityfocus.com/bid/98736 http://www.securitytracker.com/id/1038591 https://access.redhat.com/errata/RHSA-2017:1852 https://bugs.debian.org/863563 https://kc.mcafee.com/corporate/index?page=content&id=SB10365 https://www.oracle.com/security-alerts/cpuapr2022.html https://access.redhat.com/security/cve/CVE-2017-9287 https://bugzilla.redhat.com/show_bug.cgi?id=1456712 • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0CVE-2015-3276 – openldap: incorrect multi-keyword mode cipherstring parsing
https://notcve.org/view.php?id=CVE-2015-3276
The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors. La función nss_parse_ciphers en libraries/libldap/tls_m.c en OpenLDAP no analiza adecuadamente cadenas de cifrado en modo multiclave de estilo OpenSSL, lo que podría provocar el uso de un cifrado más débil que el previsto y permitir a atacantes remotos tener un impacto no especificado a través de vectores desconocidos. A flaw was found in the way OpenLDAP parsed OpenSSL-style cipher strings. As a result, OpenLDAP could potentially use ciphers that were not intended to be enabled. • http://rhn.redhat.com/errata/RHSA-2015-2131.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securitytracker.com/id/1034221 https://bugzilla.redhat.com/show_bug.cgi?id=1238322 https://access.redhat.com/security/cve/CVE-2015-3276 • CWE-682: Incorrect Calculation •
CVSS: 5.0EPSS: 94%CPEs: 2EXPL: 2CVE-2015-6908 – OpenLDAP 2.4.42 - ber_get_next Denial of Service
https://notcve.org/view.php?id=CVE-2015-6908
The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd. Vulnerabilidad en la función ber_get_next en libraries/liblber/io.c en OpenLDAP 2.4.42 y versiones anteriores, permite a atacantes remotos causar una denegación de servicio (aserción accesible y caída de la aplicación) a través de datos BER manipulados, según lo demostrado por un ataque contra slapd. A flaw was found in the way the OpenLDAP server daemon (slapd) parsed certain Basic Encoding Rules (BER) data. A remote attacker could use this flaw to crash slapd via a specially crafted packet. • https://www.exploit-db.com/exploits/38145 http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html http://rhn&# • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 94%CPEs: 33EXPL: 0CVE-2013-4449 – openldap: segfault on certain queries with rwm overlay
https://notcve.org/view.php?id=CVE-2013-4449
The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search. El overlay rwm en OpenLDAP 2.4.23, 2.4.36 y anteriores no cuenta debidamente las referencias, lo que permite a atacantes remotos causar una denegación de servicio (caída de slapd) mediante la desvinculación inmediata después de una solicitud de búsqueda, lo que provoca que rwm_conn_destroy libere la sesión mientras que está siendo utilizado por rwm_op_search. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 http://rhn.redhat.com/errata/RHSA-2014-0126.html http://rhn.redhat.com/errata/RHSA-2014-0206.html http://seclists.org/fulldisclosure/2019/Dec/26 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-4449 http://www.debian.org/security/2015/dsa-3209 http://www.mandriva.com/security/advisories?name=MDVSA-2014:026 http://www.openldap&# • CWE-189: Numeric Errors •