PT-2014-1862 · Openldap+5

Michael Vishchers · Published 2014-02-03 · Updated 2016-12-08 · CVE-2013-4449

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions: OpenLDAP versions 2.4.23 and earlier

Description: Remote attackers can cause a denial of service (slapd crash). The rwm overlay in OpenLDAP does not properly count references, so an attacker who unbinds immediately after a search request can trigger the crash. The issue can be exploited remotely and may disrupt the availability of protected information.

Recommendations: For OpenLDAP version 2.4.23, consider updating to a newer version to resolve the issue. For versions prior to 2.4.23, update to version 2.4.23 or later to mitigate the risk. As a temporary workaround, consider restricting access to the rwm overlay until a patch is available.

Fix

DoS

Weakness Enumeration

Related identifiers

ALT-PU-2015-1819
BDU:2015-07058
BDU:2015-07060
BDU:2015-07061
BDU:2015-07062
BDU:2015-07064
BDU:2015-07066
BDU:2015-07068
BDU:2015-09060
BDU:2015-09061
BDU:2015-09062
BDU:2015-09063
BDU:2015-09064
BDU:2015-09065
BDU:2015-09066
CESA-2014_0126
CVE-2013-4449
DLA-203-1
DSA-3209-1
MGASA-2014-0062
RHSA-2014:0126
RHSA-2014:0206
RHSA-2014_0126
RHSA-2014_0206
SUSE-SU-2015:0887-1
SUSE-SU-2015_0887-1
USN-2622-1

Affected products

Alt Linux
Centos
Openldap
Red Hat
Suse
Ubuntu