Test ID:1.3.6.1.4.1.25623.1.0.703209
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 3209-1 (openldap - security update)
Description:
Multiple vulnerabilities were found in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol.

CVE-2013-4449
Michael Vishchers from Seven Principles AG discovered a denial of
service vulnerability in slapd, the directory server implementation.
When the server is configured to use the RWM overlay, an attacker
can make it crash by unbinding just after connecting, because of an
issue with reference counting.

CVE-2014-9713
The default Debian configuration of the directory database allows
every user to edit their own attributes. When LDAP directories are
used for access control, and this is done using user attributes, an
authenticated user can leverage this to gain access to unauthorized
resources.

Please note this is a Debian specific vulnerability.

The new package won't use the unsafe access control rule for new
databases, but existing configurations won't be automatically
modified. Administrators are advised to consult the README.Debian
file provided by the updated package if they need to fix the access
control rule.

CVE-2015-1545
Ryan Tandy discovered a denial of service vulnerability in slapd.
When using the deref overlay, providing an empty attribute list in
a query makes the daemon crash.

Affected Software/OS:
openldap on Debian Linux

Solution:
For the stable distribution (wheezy),
these problems have been fixed in version 2.4.31-2.

For the upcoming stable distribution (jessie), these problems have been
fixed in version 2.4.40-4.

For the unstable distribution (sid), these problems have been fixed in
version 2.4.40-4.

We recommend that you upgrade your openldap packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2013-4449
BugTraq ID: 63190
http://www.securityfocus.com/bid/63190
Bugtraq: 20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
https://seclists.org/bugtraq/2019/Dec/23
Cisco Security Advisory: 20140401 Cisco Unified Communications Manager Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-4449
Debian Security Information: DSA-3209
http://www.debian.org/security/2015/dsa-3209
http://seclists.org/fulldisclosure/2019/Dec/26
http://www.mandriva.com/security/advisories?name=MDVSA-2014:026
http://www.openwall.com/lists/oss-security/2013/10/19/3
RedHat Security Advisories: RHSA-2014:0126
http://rhn.redhat.com/errata/RHSA-2014-0126.html
RedHat Security Advisories: RHSA-2014:0206
http://rhn.redhat.com/errata/RHSA-2014-0206.html
http://www.securitytracker.com/id/1029711
Common Vulnerability Exposure (CVE) ID: CVE-2014-9713
BugTraq ID: 73217
http://www.securityfocus.com/bid/73217
http://www.openwall.com/lists/oss-security/2015/03/29/2
http://www.ubuntu.com/usn/USN-2742-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-1545
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
BugTraq ID: 72519
http://www.securityfocus.com/bid/72519
http://www.mandriva.com/security/advisories?name=MDVSA-2015:073
http://www.mandriva.com/security/advisories?name=MDVSA-2015:074
http://www.openwall.com/lists/oss-security/2015/02/07/3
http://www.securitytracker.com/id/1032399
http://secunia.com/advisories/62787
SuSE Security Announcement: openSUSE-SU-2015:1325
http://lists.opensuse.org/opensuse-updates/2015-07/msg00069.html
XForce ISS Database: openldap-cve20151545-dos(100937)
https://exchange.xforce.ibmcloud.com/vulnerabilities/100937
Copyright: Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net

© 1998-2024 E-Soft Inc. All rights reserved.