Openldap

59 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 6.45%
  • Published 13.02.2008 21:00:00
  • Last modified 09.04.2025 00:30:58

slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698.

  • EPSS 4.62%
  • Published 01.02.2008 22:00:00
  • Last modified 09.04.2025 00:30:58

The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerabilit...

  • EPSS 5.44%
  • Published 30.10.2007 19:46:00
  • Last modified 09.04.2025 00:30:58

OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service (slapd crash) via an LDAP request with a malformed objectClasses attribute. NOTE: this has been reported as a double free, but the reports are inconsistent.

  • EPSS 2.87%
  • Published 30.10.2007 19:46:00
  • Last modified 09.04.2025 00:30:58

slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when running as a proxy-caching server, allocates memory using a malloc variant instead of calloc, which prevents an array from being initialized properly and might allow attackers ...

Exploit
  • EPSS 8.43%
  • Published 13.12.2006 00:28:00
  • Last modified 09.04.2025 00:30:58

Buffer overflow in the krbv4_ldap_auth function in servers/slapd/kerberos.c in OpenLDAP 2.4.3 and earlier, when OpenLDAP is compiled with the --enable-kbind (Kerberos KBIND) option, allows remote attackers to execute arbitrary code via an LDAP bind r...

Exploit
  • EPSS 51.9%
  • Published 07.11.2006 18:07:00
  • Last modified 09.04.2025 00:30:58

OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.

  • EPSS 0.1%
  • Published 07.09.2006 00:04:00
  • Last modified 03.04.2025 01:03:51

slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN).

  • EPSS 0.49%
  • Published 01.06.2006 17:02:00
  • Last modified 03.04.2025 01:03:51

Stack-based buffer overflow in st.c in slurpd for OpenLDAP before 2.3.22 might allow attackers to execute arbitrary code via a long hostname.

  • EPSS 0.09%
  • Published 21.12.2005 02:03:00
  • Last modified 03.04.2025 01:03:51

Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.

  • EPSS 1.08%
  • Published 31.12.2004 05:00:00
  • Last modified 03.04.2025 01:03:51

Memory leak in the back-bdb backend for OpenLDAP 2.1.12 and earlier allows remote attackers to cause a denial of service (memory consumption).