PT-2015-5342 · Openldap+3
Ryan Tandy · Published 2015-02-12 · Updated 2017-09-08
·
CVE-2015-1545
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
OpenLDAP versions 2.4.13 through 2.4.40
Description
The issue allows remote attackers to cause a denial of service, resulting in a crash due to a NULL pointer dereference. This can be achieved by sending a search request with an empty attribute list in a deref control.
Recommendations
For OpenLDAP versions 2.4.13 through 2.4.40, consider updating to a version that contains a fix for this issue.
As a temporary workaround, consider restricting access to the deref_parseCtrl function in the deref.c file until a patch is available.
Avoid using empty attribute lists in deref controls in search requests until the issue is resolved.
Affected products
Alt Linux
Openldap
Suse
Ubuntu