Computer Security
[EN] securityvulns.ru no-pyccku


OpenLDAP multiple security vulnerabilities
Published:13.04.2015
Source:
SecurityVulns ID:14377
Type:remote
Threat Level:
6/10
Description:DoS, privilege escalation.
Affected:OPENLDAP : OpenLDAP 2.4
CVE:CVE-2015-1545 (The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request.)
 CVE-2014-9713 (The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors.)
 CVE-2013-4449 (The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 3209-1] openldap security update (13.04.2015)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod