CVE-2002-1378
https://notcve.org/view.php?id=CVE-2002-1378
Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allow remote attackers to execute arbitrary code via (1) long -t or -r parameters to slurpd, (2) a malicious ldapfilter.conf file that is not properly handled by getfilter functions, (3) a malicious ldaptemplates.conf that causes an overflow in libldap, (4) a certain access control list that causes an overflow in slapd, or (5) a long generated filename for logging rejected replication requests. Múltiples desbordamientos de búfer en OpenLDAP22 (OpenLDAP 2) 2.2.0 y anteriores permiten a atacantes remotos ejecutar código arbitrario. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000556 http://www.ciac.org/ciac/bulletins/n-043.shtml http://www.debian.org/security/2003/dsa-227 http://www.linuxsecurity.com/advisories/gentoo_advisory-2704.html http://www.mandriva.com/security/advisories?name=MDKSA-2003:006 http://www.novell.com/linux/security/advisories/2002_047_openldap2.html http://www.redhat.com/support/errata/RHSA-2003-040.html http://www.securityfocus.com/advisories/4827 http://www.securityfocus •
CVE-2002-0045
https://notcve.org/view.php?id=CVE-2002-0045
slapd in OpenLDAP 2.0 through 2.0.19 allows local users, and anonymous users before 2.0.8, to conduct a "replace" action on access controls without any values, which causes OpenLDAP to delete non-mandatory attributes that would otherwise be protected by ACLs. sldap en OpenLDAP 2.0 a 2.0.19 permite a usuarios locales, y a usuarios anónimos en versiones anteriores a 2.0.8, llevar a cabo una acción "replace" en controles de acceso sin valores, lo que causa que OpenLDAP borre atributos no mandatorios que de otra forma estarían protegidos por listas de control de accesso (ACL). • ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-001.0.txt http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000459 http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:013 http://www.openldap.org/lists/openldap-announce/200201/msg00002.html http://www.osvdb.org/5395 http://www.redhat.com/support/errata/RHSA-2002-014.html http://www.securityfocus.com/bid/3945 http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0201-020 https://exchange.x •