CVE-2015-6908

OpenLDAP 2.4.42 - ber_get_next Denial of Service

Severity Score

5.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.

Vulnerabilidad en la función ber_get_next en libraries/liblber/io.c en OpenLDAP 2.4.42 y versiones anteriores, permite a atacantes remotos causar una denegación de servicio (aserción accesible y caída de la aplicación) a través de datos BER manipulados, según lo demostrado por un ataque contra slapd.

A flaw was found in the way the OpenLDAP server daemon (slapd) parsed certain Basic Encoding Rules (BER) data. A remote attacker could use this flaw to crash slapd via a specially crafted packet.

*Credits: N/A

CVSS Scores

NISTv2 5.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2015-09-11 CVE Reserved
2015-09-11 CVE Published
2015-09-11 First Exploit
2024-08-06 CVE Updated
2024-10-05 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-20: Improper Input Validation

CAPEC

References (20)

URL	Tag	Source
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commit%3Bh=6fe51a9ab04fd28bbc171da3cf12f1c1040d6629	X_refsource_confirm
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html	X_refsource_confirm
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	X_refsource_confirm
http://www.security-assessment.com/files/documents/advisory/OpenLDAP-ber_get_next-Denial-of-Service.pdf	X_refsource_confirm
http://www.securityfocus.com/bid/76714	Vdb Entry
http://www.securitytracker.com/id/1033534	Vdb Entry
https://support.apple.com/HT205637	X_refsource_confirm

URL	Date	SRC
https://www.exploit-db.com/exploits/38145	2015-09-11
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240	2024-08-06

URL	Date	SRC

URL	Date	SRC
http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html	2023-11-07
http://rhn.redhat.com/errata/RHSA-2015-1840.html	2023-11-07
http://www.debian.org/security/2015/dsa-3356	2023-11-07
http://www.ubuntu.com/usn/USN-2742-1	2023-11-07
https://access.redhat.com/security/cve/CVE-2015-6908	2015-09-29
https://bugzilla.redhat.com/show_bug.cgi?id=1262393	2015-09-29

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openldap Search vendor "Openldap"		Openldap Search vendor "Openldap" for product "Openldap"				<= 2.4.42 Search vendor "Openldap" for product "Openldap" and version " <= 2.4.42"		-		Affected
Apple Search vendor "Apple"		Mac Os X Search vendor "Apple" for product "Mac Os X"				<= 10.11.1 Search vendor "Apple" for product "Mac Os X" and version " <= 10.11.1"		-		Affected