7.5

CVE-2006-5779

Exploit

OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.

Data is provided by the National Vulnerability Database (NVD)
OpenldapOpenldap Version < 2.3.29
CanonicalUbuntu Linux Version5.10
CanonicalUbuntu Linux Version6.06
CanonicalUbuntu Linux Version6.10
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 51.9% 0.978
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

http://secunia.com/advisories/22750
Vendor Advisory
Broken Link
http://secunia.com/advisories/22953
Vendor Advisory
Broken Link
http://secunia.com/advisories/22996
Vendor Advisory
Broken Link
http://secunia.com/advisories/23125
Vendor Advisory
Broken Link
http://secunia.com/advisories/23133
Vendor Advisory
Broken Link
http://secunia.com/advisories/23152
Vendor Advisory
Broken Link
http://secunia.com/advisories/23170
Vendor Advisory
Broken Link
http://securitytracker.com/id?1017166
Third Party Advisory
Exploit
Broken Link
VDB Entry
http://www.securityfocus.com/archive/1/450728/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/20939
Third Party Advisory
Exploit
Broken Link
VDB Entry