5

CVE-2006-2754

Stack-based buffer overflow in st.c in slurpd for OpenLDAP before 2.3.22 might allow attackers to execute arbitrary code via a long hostname.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenldapOpenldap Version2.2.1
OpenldapOpenldap Version2.2.11
OpenldapOpenldap Version2.2.12
OpenldapOpenldap Version2.2.13
OpenldapOpenldap Version2.2.14
OpenldapOpenldap Version2.2.15
OpenldapOpenldap Version2.2.16
OpenldapOpenldap Version2.2.17
OpenldapOpenldap Version2.2.18
OpenldapOpenldap Version2.2.19
OpenldapOpenldap Version2.2.20
OpenldapOpenldap Version2.2.21
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.49% 0.903
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/20126
Patch
Vendor Advisory
http://secunia.com/advisories/20495
http://secunia.com/advisories/20685
http://secunia.com/advisories/20848
http://www.gentoo.org/security/en/glsa/glsa-200606-17.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:096
http://www.openldap.org/devel/cvsweb.cgi/servers/slurpd/st.c.diff?r1=1.21&r2=1.22&hideattic=1&sortbydate=0&f=h
Patch
http://www.openldap.org/devel/cvsweb.cgi/servers/slurpd/st.c?hideattic=1&sortbydate=0#rev1.22
Patch
http://www.openldap.org/software/release/changes.html
Patch
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.008-openldap.html
Patch
http://www.osvdb.org/25659
http://www.securityfocus.com/archive/1/436674/100/0/threaded
http://www.vupen.com/english/advisories/2006/1921
https://usn.ubuntu.com/305-1/