CVE-2002-1378
https://notcve.org/view.php?id=CVE-2002-1378
Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allow remote attackers to execute arbitrary code via (1) long -t or -r parameters to slurpd, (2) a malicious ldapfilter.conf file that is not properly handled by getfilter functions, (3) a malicious ldaptemplates.conf that causes an overflow in libldap, (4) a certain access control list that causes an overflow in slapd, or (5) a long generated filename for logging rejected replication requests.
• http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000556
• http://www.ciac.org/ciac/bulletins/n-043.shtml
• http://www.debian.org/security/2003/dsa-227
• http://www.linuxsecurity.com/advisories/gentoo_advisory-2704.html
• http://www.mandriva.com/security/advisories?name=MDKSA-2003:006
• http://www.novell.com/linux/security/advisories/2002_047_openldap2.html
• http://www.redhat.com/support/errata/RHSA-2003-040.html
• http://www.securityfocus.com/advisories/4827
• http://www.securityfocus
CVE-2002-0045
https://notcve.org/view.php?id=CVE-2002-0045
slapd in OpenLDAP 2.0 through 2.0.19 allows local users, and anonymous users before 2.0.8, to conduct a "replace" action on access controls without any values, which causes OpenLDAP to delete non-mandatory attributes that would otherwise be protected by ACLs.
• ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-001.0.txt
• http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000459
• http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:013
• http://www.openldap.org/lists/openldap-announce/200201/msg00002.html
• http://www.osvdb.org/5395
• http://www.redhat.com/support/errata/RHSA-2002-014.html
• http://www.securityfocus.com/bid/3945
• http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0201-020
• https://exchange.x
CVE-2001-0977
https://notcve.org/view.php?id=CVE-2001-0977
slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field.
• http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000417
• http://www.cert.org/advisories/CA-2001-18.html
• http://www.debian.org/security/2001/dsa-068
• http://www.kb.cert.org/vuls/id/935800
• http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-069.php3
• http://www.osvdb.org/1905
• http://www.redhat.com/support/errata/RHSA-2001-098.html
• http://www.securityfocus.com/bid/3049
• https://exchange.xforce.ibmcloud.com/vulnerabilities/6904
CVE-2000-0748
https://notcve.org/view.php?id=CVE-2000-0748
OpenLDAP 1.2.11 and earlier improperly installs the ud binary with group write permissions, which could allow any user in that group to replace the binary with a Trojan horse.
• http://archives.neohapsis.com/archives/bugtraq/2000-07/0375.html
• http://www.securityfocus.com/bid/1511
CVE-2000-0336 – OpenLDAP 1.2.7/1.2.8/1.2.9/1.2.10 - '/usr/tmp/' Symlink
https://notcve.org/view.php?id=CVE-2000-0336
Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack.
• https://www.exploit-db.com/exploits/19946
• ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-009.0.txt
• http://www.redhat.com/support/errata/RHSA-2000-012.html
• http://www.securityfocus.com/bid/1232
• http://www.turbolinux.com/pipermail/tl-security-announce/2000-May/000009.html