Page 7 of 37 results (0.006 seconds)

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0

The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability. El backend de BDB para slapd en OpenLDAP versiones anteriores a 2.3.36, permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo) por medio de una operación de modificación potencialmente con éxito con el control NOOP establecido en crítico, posiblemente debido a una vulnerabilidad de doble liberación. • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html http://secunia.com/advisories/28817 http://secunia.com/advisories/28953 http://secunia.com/advisories/29068 http://secunia.com/advisories/29225 http://secunia.com/advisories/29256 http://secunia.com/advisories/29682 http://secunia.com/advisories/29957 http://support.apple.com/kb/HT3937 http://wiki.rpath.com/Advisories:rPSA-2008-0059 • CWE-399: Resource Management Errors •

CVSS: 7.1EPSS: 7%CPEs: 119EXPL: 0

OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service (slapd crash) via an LDAP request with a malformed objectClasses attribute. NOTE: this has been reported as a double free, but the reports are inconsistent. OpenLDAP versiones anteriores a 2.3.39, permite a atacantes remotos causar una denegación de servicio (bloqueo de slapd) por medio de una petición LDAP con un atributo objectClasses malformado. NOTA: esto ha sido reportado como doble liberación, pero los reportes son incoherentes. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440632 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://secunia.com/advisories/27424 http://secunia.com/advisories/27587 http://secunia.com/advisories/27596 http://secunia.com/advisories/27683 http://secunia.com/advisories/27756 http://secunia.com/advisories/27868 http://secunia.com/advisories/29461 http://secunia.com/advisories/29682 http://security.gentoo.org/glsa/glsa-200803-28.xml http:/&# • CWE-399: Resource Management Errors •

CVSS: 7.1EPSS: 4%CPEs: 119EXPL: 0

slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when running as a proxy-caching server, allocates memory using a malloc variant instead of calloc, which prevents an array from being initialized properly and might allow attackers to cause a denial of service (segmentation fault) via unknown vectors that prevent the array from being null terminated. slapo-pcache (overlays/pcache.c) en slapd en OpenLDAP versiones anteriores a 2.3.39, cuando es ejecutado como un servidor de almacenamiento en caché de proxy, asigna memoria mediante una variante malloc en lugar de calloc, lo que impide que una matriz se inicialice apropiadamente y podría permitir a atacantes causar una denegación de servicio (fallo de segmentación) por medio de vectores de ataque desconocidos que impiden que la matriz sea terminada en null. • http://secunia.com/advisories/27424 http://secunia.com/advisories/27683 http://secunia.com/advisories/27756 http://secunia.com/advisories/27868 http://secunia.com/advisories/29225 http://secunia.com/advisories/29461 http://secunia.com/advisories/29682 http://security.gentoo.org/glsa/glsa-200803-28.xml http://www.debian.org/security/2008/dsa-1541 http://www.mandriva.com/security/advisories?name=MDVSA-2008:058 http://www.novell.com/linux/security/advisories/2007_24_sr.html&# • CWE-399: Resource Management Errors •

CVSS: 5.1EPSS: 11%CPEs: 119EXPL: 3

Buffer overflow in the krbv4_ldap_auth function in servers/slapd/kerberos.c in OpenLDAP 2.4.3 and earlier, when OpenLDAP is compiled with the --enable-kbind (Kerberos KBIND) option, allows remote attackers to execute arbitrary code via an LDAP bind request using the LDAP_AUTH_KRBV41 authentication method and long credential data. Desbordamiento de búfer en la función krbv4_ldap_auth de servers/slapd/kerberos.c en OpenLDAP 2.4.3 y versiones anteriores, cuando el OpenLDAP es compilado con la opción kbind (Kerberos KBIND) habilitada, permite a atacantes remotos ejecutar código de su elección a través de una petición LDAP utilizando el método de autenticación LDAP_AUTH_KRBV41 y un dato largo en las credenciales. • https://www.exploit-db.com/exploits/2933 http://secunia.com/advisories/23334 http://securityreason.com/securityalert/2023 http://www.phreedom.org/solar/exploits/openldap-kbind http://www.securityfocus.com/archive/1/454181/30/0/threaded http://www.vupen.com/english/advisories/2006/4964 •

CVSS: 7.5EPSS: 84%CPEs: 4EXPL: 5

OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure. Vulnerabilidad no especificada en el paquete openldap-2.2.29-1 de OpenLDAP en Fedora Core 4 (FC4), permite a atacantes remotos provocar una denegación de servicio (caída del demonio) mediante cierta combinación de peticiones LDAP BIND que disparan un fallo de aserción. • http://gleg.net/downloads/VULNDISCO_META_FREE.tar.gz http://gleg.net/vulndisco_meta.shtml http://secunia.com/advisories/22750 http://secunia.com/advisories/22953 http://secunia.com/advisories/22996 http://secunia.com/advisories/23125 http://secunia.com/advisories/23133 http://secunia.com/advisories/23152 http://secunia.com/advisories/23170 http://security.gentoo.org/glsa/glsa-200611-25.xml http://securityreason.com/securityalert/1831 http://securitytracker.com/id?1017166 http&# • CWE-617: Reachable Assertion •