PT-2002-3166 · Openldap · Openldap2+7
Published
1970-01-01
·
Updated
2017-07-11
·
CVE-2002-1378
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
OpenLDAP versions 2.2.0 and earlier
OpenLDAP2 versions 2.2.0 and earlier
openldap-devel versions 2.0.27
openldap-clients versions 1.2.13 and 2.0.27
openldap-servers versions 1.2.13 and 2.0.27
libldap2 (affected versions not specified)
ldap-gateways (affected versions not specified)
openldap12 versions 1.2.13
openldap versions 1.2.13
Description
OpenLDAP2 contains multiple buffer overflows that can compromise the confidentiality, integrity and availability of the directory data and of the host running it. Remote attackers can execute arbitrary code via long parameters to slurpd (the replication daemon), malicious ldapfilter.conf or ldaptemplates.conf files, certain access control lists, or long generated filenames for logging rejected replication requests. In each case a string whose length the attacker influences is copied into a fixed-size buffer without a bounds check. Note that the configuration-file and ACL vectors presuppose that the attacker can influence the files slapd or the client library reads, whereas the replication-related vectors are driven by data that arrives from a replication peer.
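Of the vectors listed above, the generated reject-log filename is the easiest to show in code, because the string grows with data that comes from the replica configuration and peer rather than from the local administrator. The C below is an added illustration written for this page, not OpenLDAP's code: the function names build_reject_path_unsafe, build_reject_path, reject_path_bytes and long_host_is_refused, the REJECT_PATH_MAX buffer size and the "%s/%s:%d.rej" layout are all assumptions. It places the unbounded sprintf pattern beside a bounded version that checks snprintf's return value and refuses anything that would not fit.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed buffer size for this illustration; not a value
 * taken from OpenLDAP's sources. */
#define REJECT_PATH_MAX 64

/* Vulnerable pattern (illustrative, not OpenLDAP's code): the path of the
 * log for rejected replication requests is derived from the replica's
 * host name and port, which originate in configuration and in the
 * replication peer, and is written with sprintf into a fixed buffer.
 * A host name longer than the remaining space writes past 'path'.
 * Never call this with data you do not control. */
void build_reject_path_unsafe(char path[REJECT_PATH_MAX],
                              const char *dir, const char *host, int port)
{
    sprintf(path, "%s/%s:%d.rej", dir, host, port);
}

/* Hardened form: bounded formatting plus a check of snprintf's return
 * value, which is the length the complete string would need. Anything
 * that would be truncated is refused rather than silently used, and a
 * host name carrying '/' is refused so it cannot redirect the log file.
 * Returns the path length, or -1 when refused (path is then empty). */
int build_reject_path(char *path, size_t pathsz,
                      const char *dir, const char *host, int port)
{
    if (pathsz == 0 || strchr(host, '/') != NULL) {
        if (pathsz) path[0] = '\0';
        return -1;
    }
    int need = snprintf(path, pathsz, "%s/%s:%d.rej", dir, host, port);
    if (need < 0 || (size_t)need >= pathsz) {
        path[0] = '\0';
        return -1;
    }
    return need;
}

/* Bytes (including the terminating NUL) the unsafe version would write
 * for this input. Computed with snprintf(NULL, 0, ...) so the overflow
 * can be measured without corrupting memory. */
size_t reject_path_bytes(const char *dir, const char *host, int port)
{
    return (size_t)snprintf(NULL, 0, "%s/%s:%d.rej", dir, host, port) + 1;
}

/* The edge case the advisory is about: a 200-character host name.
 * Returns 1 when the hardened builder refuses it and the unsafe one
 * would have overrun REJECT_PATH_MAX, 0 otherwise. */
int long_host_is_refused(void)
{
    char host[201];
    char path[REJECT_PATH_MAX];
    memset(host, 'A', sizeof host - 1);
    host[sizeof host - 1] = '\0';
    int refused = build_reject_path(path, sizeof path,
                                    "/var/lib/ldap/replog", host, 389) == -1;
    int overruns = reject_path_bytes("/var/lib/ldap/replog", host, 389)
                   > REJECT_PATH_MAX;
    return refused && overruns;
}

int main(void)
{
    char path[REJECT_PATH_MAX];
    /* constructed sample input: a short, well-formed replica name */
    build_reject_path_unsafe(path, "/var/lib/ldap/replog", "replica1", 389);
    printf("unsafe builder, short host:   %s\n", path);
    if (build_reject_path(path, sizeof path, "/var/lib/ldap/replog",
                          "replica1", 389) > 0)
        printf("hardened builder, short host: %s\n", path);
    printf("200-char host refused by hardened builder: %s\n",
           long_host_is_refused() ? "yes" : "no");
    return 0;
}
```

Compile with `cc -Wall -fstack-protector example.c`. Passing the 200-character host to build_reject_path_unsafe instead of to the hardened builder aborts with a stack-smashing message; that abort is the benign outcome, and without the protector the overwritten return address is what an attacker turns into code execution.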
Recommendations
For OpenLDAP and OpenLDAP2 versions 2.2.0 and earlier, update to a version later than 2.2.0.
For openldap-devel 2.0.27, openldap-clients 1.2.13 and 2.0.27, and openldap-servers 1.2.13 and 2.0.27, apply the vendor package update as soon as one is available. Until then, reduce exposure along the vectors named in the description: run slurpd only on hosts that actually replicate, keep ldapfilter.conf, ldaptemplates.conf and the slapd configuration (including its access control lists) writable only by root, and make sure the replica host names that feed the rejected-replication log filenames come only from trusted configuration.
For libldap2, ldap-gateways, openldap12 and openldap, no newer version containing a fix for this vulnerability is known at the time of writing.
Affected Products
Openldap
Openldap2
Ldap-Gateways
Libldap2
Openldap-Clients
Openldap-Devel
Openldap-Servers
Openldap12