PT-2007-1002 · Openldap+1 · Openldap+1

Published: 2007-10-30 · Updated: 2023-02-13 · CVE-2007-5707

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: OpenLDAP versions prior to 2.3.39; OpenLDAP version 2.3.27
Description: The issue allows remote attackers to cause a denial of service (slapd crash) via an LDAP request with a malformed objectClasses attribute. This can disrupt the availability of protected information and can be exploited remotely.
Recommendations: For OpenLDAP versions prior to 2.3.39, update to version 2.3.39 or later to resolve the issue. For OpenLDAP version 2.3.27, consider disabling the LDAP service or restricting access to it until a patch is available. As a temporary workaround, consider disabling the objectClasses attribute in LDAP requests until a patch is available.

Fix

DoS

Weakness Enumeration

Related Identifiers

BDU:2015-01320
BDU:2015-06995
BDU:2015-07057
BDU:2015-07059
BDU:2015-07063
BDU:2015-07065
BDU:2015-07067
BDU:2015-09610
CVE-2007-5707
DSA-1541-1
RHSA-2007:1037
RHSA-2007:1038
RHSA-2007_1037
RHSA-2007_1038

Affected Products

Openldap
Red Hat