// For flags

CVE-2008-0658

openldap: slapd crash on modrdn operation with NOOP control on entry in bdb storage

Severity Score

4.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698.

slapd/back-bdb/modrdn.c en el motor interno BDB para slapd de OpenLDAP 2.3.39. Permite a usuarios autentificados remotamente provocar una denegación de servicio (caída del demonio) a través de una operación modrdn con un control NOOP (LDAP_X_NO_OPERATION), un tema relacionado con CVE-2007-6698.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-02-07 CVE Reserved
  • 2008-02-13 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • 2024-11-09 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-399: Resource Management Errors
CAPEC
References (30)
URL Tag Source
http://secunia.com/advisories/29225 Third Party Advisory
http://secunia.com/advisories/29256 Third Party Advisory
http://secunia.com/advisories/29461 Third Party Advisory
http://secunia.com/advisories/29682 Third Party Advisory
http://secunia.com/advisories/29957 Third Party Advisory
http://support.apple.com/kb/HT3937 X_refsource_confirm
http://wiki.rpath.com/Advisories:rPSA-2008-0059 X_refsource_confirm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0059 X_refsource_confirm
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358 X_refsource_confirm
http://www.securityfocus.com/archive/1/488242/100/200/threaded Mailing List
http://www.securityfocus.com/bid/27778 Vdb Entry
http://www.securitytracker.com/id?1019481 Vdb Entry
http://www.vupen.com/english/advisories/2008/0536/references Vdb Entry
http://www.vupen.com/english/advisories/2009/3184 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/40479 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9470 Signature
URL Date SRC
http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-bdb/modrdn.c.diff?r1=1.197&r2=1.198&f=h 2024-08-07
URL Date SRC
URL Date SRC
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html 2018-10-15
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html 2018-10-15
http://secunia.com/advisories/28914 2018-10-15
http://secunia.com/advisories/28926 2018-10-15
http://secunia.com/advisories/28953 2018-10-15
http://secunia.com/advisories/29068 2018-10-15
http://security.gentoo.org/glsa/glsa-200803-28.xml 2018-10-15
http://www.debian.org/security/2008/dsa-1541 2018-10-15
http://www.mandriva.com/security/advisories?name=MDVSA-2008:058 2018-10-15
http://www.redhat.com/support/errata/RHSA-2008-0110.html 2018-10-15
http://www.ubuntu.com/usn/usn-584-1 2018-10-15
https://access.redhat.com/security/cve/CVE-2008-0658 2008-02-21
https://bugzilla.redhat.com/show_bug.cgi?id=432008 2008-02-21
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Openldap
Search vendor "Openldap"
 Openldap
Search vendor "Openldap" for product "Openldap"
 2.3.39
Search vendor "Openldap" for product "Openldap" and version "2.3.39"
-
Affected