CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 1CVE-2008-0658 – openldap: slapd crash on modrdn operation with NOOP control on entry in bdb storage
https://notcve.org/view.php?id=CVE-2008-0658
slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698. slapd/back-bdb/modrdn.c en el motor interno BDB para slapd de OpenLDAP 2.3.39. Permite a usuarios autentificados remotamente provocar una denegación de servicio (caída del demonio) a través de una operación modrdn con un control NOOP (LDAP_X_NO_OPERATION), un tema relacionado con CVE-2007-6698. • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html http://secunia.com/advisories/28914 http://secunia.com/advisories/28926 http://secunia.com/advisories/28953 http://secunia.com/advisories/29068 http://secunia.com/advisories/29225 http://secunia.com/advisories/29256 http://secunia.com/advisories/29461 http://secunia.com/advisories/29682 http://secunia.com/advisories/29957 http://sec • CWE-399: Resource Management Errors •
CVSS: 5.1EPSS: 11%CPEs: 119EXPL: 3CVE-2006-6493 – OpenLDAP 2.4.3 - 'KBIND' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-6493
Buffer overflow in the krbv4_ldap_auth function in servers/slapd/kerberos.c in OpenLDAP 2.4.3 and earlier, when OpenLDAP is compiled with the --enable-kbind (Kerberos KBIND) option, allows remote attackers to execute arbitrary code via an LDAP bind request using the LDAP_AUTH_KRBV41 authentication method and long credential data. Desbordamiento de búfer en la función krbv4_ldap_auth de servers/slapd/kerberos.c en OpenLDAP 2.4.3 y versiones anteriores, cuando el OpenLDAP es compilado con la opción kbind (Kerberos KBIND) habilitada, permite a atacantes remotos ejecutar código de su elección a través de una petición LDAP utilizando el método de autenticación LDAP_AUTH_KRBV41 y un dato largo en las credenciales. • https://www.exploit-db.com/exploits/2933 http://secunia.com/advisories/23334 http://securityreason.com/securityalert/2023 http://www.phreedom.org/solar/exploits/openldap-kbind http://www.securityfocus.com/archive/1/454181/30/0/threaded http://www.vupen.com/english/advisories/2006/4964 •