ID CVE-2006-5779
Summary OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.
References
Vulnerable Configurations
  • cpe:2.3:a:openldap:openldap:1.0
    cpe:2.3:a:openldap:openldap:1.0
  • cpe:2.3:a:openldap:openldap:1.0.1
    cpe:2.3:a:openldap:openldap:1.0.1
  • cpe:2.3:a:openldap:openldap:1.0.2
    cpe:2.3:a:openldap:openldap:1.0.2
  • cpe:2.3:a:openldap:openldap:1.0.3
    cpe:2.3:a:openldap:openldap:1.0.3
  • cpe:2.3:a:openldap:openldap:1.1
    cpe:2.3:a:openldap:openldap:1.1
  • cpe:2.3:a:openldap:openldap:1.1.0
    cpe:2.3:a:openldap:openldap:1.1.0
  • cpe:2.3:a:openldap:openldap:1.1.1
    cpe:2.3:a:openldap:openldap:1.1.1
  • cpe:2.3:a:openldap:openldap:1.1.2
    cpe:2.3:a:openldap:openldap:1.1.2
  • cpe:2.3:a:openldap:openldap:1.1.3
    cpe:2.3:a:openldap:openldap:1.1.3
  • cpe:2.3:a:openldap:openldap:1.1.4
    cpe:2.3:a:openldap:openldap:1.1.4
  • cpe:2.3:a:openldap:openldap:1.2
    cpe:2.3:a:openldap:openldap:1.2
  • cpe:2.3:a:openldap:openldap:1.2.0
    cpe:2.3:a:openldap:openldap:1.2.0
  • cpe:2.3:a:openldap:openldap:1.2.1
    cpe:2.3:a:openldap:openldap:1.2.1
  • cpe:2.3:a:openldap:openldap:1.2.2
    cpe:2.3:a:openldap:openldap:1.2.2
  • cpe:2.3:a:openldap:openldap:1.2.3
    cpe:2.3:a:openldap:openldap:1.2.3
  • cpe:2.3:a:openldap:openldap:1.2.4
    cpe:2.3:a:openldap:openldap:1.2.4
  • cpe:2.3:a:openldap:openldap:1.2.5
    cpe:2.3:a:openldap:openldap:1.2.5
  • cpe:2.3:a:openldap:openldap:1.2.6
    cpe:2.3:a:openldap:openldap:1.2.6
  • cpe:2.3:a:openldap:openldap:1.2.7
    cpe:2.3:a:openldap:openldap:1.2.7
  • cpe:2.3:a:openldap:openldap:1.2.8
    cpe:2.3:a:openldap:openldap:1.2.8
  • cpe:2.3:a:openldap:openldap:1.2.9
    cpe:2.3:a:openldap:openldap:1.2.9
  • cpe:2.3:a:openldap:openldap:1.2.10
    cpe:2.3:a:openldap:openldap:1.2.10
  • cpe:2.3:a:openldap:openldap:1.2.11
    cpe:2.3:a:openldap:openldap:1.2.11
  • cpe:2.3:a:openldap:openldap:1.2.12
    cpe:2.3:a:openldap:openldap:1.2.12
  • cpe:2.3:a:openldap:openldap:1.2.13
    cpe:2.3:a:openldap:openldap:1.2.13
  • cpe:2.3:a:openldap:openldap:2.0
    cpe:2.3:a:openldap:openldap:2.0
  • cpe:2.3:a:openldap:openldap:2.0.0
    cpe:2.3:a:openldap:openldap:2.0.0
  • cpe:2.3:a:openldap:openldap:2.0.1
    cpe:2.3:a:openldap:openldap:2.0.1
  • cpe:2.3:a:openldap:openldap:2.0.2
    cpe:2.3:a:openldap:openldap:2.0.2
  • cpe:2.3:a:openldap:openldap:2.0.3
    cpe:2.3:a:openldap:openldap:2.0.3
  • cpe:2.3:a:openldap:openldap:2.0.4
    cpe:2.3:a:openldap:openldap:2.0.4
  • cpe:2.3:a:openldap:openldap:2.0.5
    cpe:2.3:a:openldap:openldap:2.0.5
  • cpe:2.3:a:openldap:openldap:2.0.6
    cpe:2.3:a:openldap:openldap:2.0.6
  • cpe:2.3:a:openldap:openldap:2.0.7
    cpe:2.3:a:openldap:openldap:2.0.7
  • cpe:2.3:a:openldap:openldap:2.0.8
    cpe:2.3:a:openldap:openldap:2.0.8
  • cpe:2.3:a:openldap:openldap:2.0.9
    cpe:2.3:a:openldap:openldap:2.0.9
  • cpe:2.3:a:openldap:openldap:2.0.10
    cpe:2.3:a:openldap:openldap:2.0.10
  • cpe:2.3:a:openldap:openldap:2.0.11
    cpe:2.3:a:openldap:openldap:2.0.11
  • cpe:2.3:a:openldap:openldap:2.0.12
    cpe:2.3:a:openldap:openldap:2.0.12
  • cpe:2.3:a:openldap:openldap:2.0.13
    cpe:2.3:a:openldap:openldap:2.0.13
  • cpe:2.3:a:openldap:openldap:2.0.14
    cpe:2.3:a:openldap:openldap:2.0.14
  • cpe:2.3:a:openldap:openldap:2.0.15
    cpe:2.3:a:openldap:openldap:2.0.15
  • cpe:2.3:a:openldap:openldap:2.0.16
    cpe:2.3:a:openldap:openldap:2.0.16
  • cpe:2.3:a:openldap:openldap:2.0.17
    cpe:2.3:a:openldap:openldap:2.0.17
  • cpe:2.3:a:openldap:openldap:2.0.18
    cpe:2.3:a:openldap:openldap:2.0.18
  • cpe:2.3:a:openldap:openldap:2.0.19
    cpe:2.3:a:openldap:openldap:2.0.19
  • cpe:2.3:a:openldap:openldap:2.0.20
    cpe:2.3:a:openldap:openldap:2.0.20
  • cpe:2.3:a:openldap:openldap:2.0.21
    cpe:2.3:a:openldap:openldap:2.0.21
  • cpe:2.3:a:openldap:openldap:2.0.22
    cpe:2.3:a:openldap:openldap:2.0.22
  • cpe:2.3:a:openldap:openldap:2.0.23
    cpe:2.3:a:openldap:openldap:2.0.23
  • cpe:2.3:a:openldap:openldap:2.0.24
    cpe:2.3:a:openldap:openldap:2.0.24
  • cpe:2.3:a:openldap:openldap:2.0.25
    cpe:2.3:a:openldap:openldap:2.0.25
  • cpe:2.3:a:openldap:openldap:2.0.26
    cpe:2.3:a:openldap:openldap:2.0.26
  • cpe:2.3:a:openldap:openldap:2.0.27
    cpe:2.3:a:openldap:openldap:2.0.27
  • cpe:2.3:a:openldap:openldap:2.1.2
    cpe:2.3:a:openldap:openldap:2.1.2
  • cpe:2.3:a:openldap:openldap:2.1.3
    cpe:2.3:a:openldap:openldap:2.1.3
  • cpe:2.3:a:openldap:openldap:2.1.4
    cpe:2.3:a:openldap:openldap:2.1.4
  • cpe:2.3:a:openldap:openldap:2.1.5
    cpe:2.3:a:openldap:openldap:2.1.5
  • cpe:2.3:a:openldap:openldap:2.1.6
    cpe:2.3:a:openldap:openldap:2.1.6
  • cpe:2.3:a:openldap:openldap:2.1.7
    cpe:2.3:a:openldap:openldap:2.1.7
  • cpe:2.3:a:openldap:openldap:2.1.8
    cpe:2.3:a:openldap:openldap:2.1.8
  • cpe:2.3:a:openldap:openldap:2.1.9
    cpe:2.3:a:openldap:openldap:2.1.9
  • cpe:2.3:a:openldap:openldap:2.1.10
    cpe:2.3:a:openldap:openldap:2.1.10
  • cpe:2.3:a:openldap:openldap:2.1.11
    cpe:2.3:a:openldap:openldap:2.1.11
  • cpe:2.3:a:openldap:openldap:2.1.12
    cpe:2.3:a:openldap:openldap:2.1.12
  • cpe:2.3:a:openldap:openldap:2.1.13
    cpe:2.3:a:openldap:openldap:2.1.13
  • cpe:2.3:a:openldap:openldap:2.1.14
    cpe:2.3:a:openldap:openldap:2.1.14
  • cpe:2.3:a:openldap:openldap:2.1.15
    cpe:2.3:a:openldap:openldap:2.1.15
  • cpe:2.3:a:openldap:openldap:2.1.16
    cpe:2.3:a:openldap:openldap:2.1.16
  • cpe:2.3:a:openldap:openldap:2.1.17
    cpe:2.3:a:openldap:openldap:2.1.17
  • cpe:2.3:a:openldap:openldap:2.1.18
    cpe:2.3:a:openldap:openldap:2.1.18
  • cpe:2.3:a:openldap:openldap:2.1.19
    cpe:2.3:a:openldap:openldap:2.1.19
  • cpe:2.3:a:openldap:openldap:2.1.20
    cpe:2.3:a:openldap:openldap:2.1.20
  • cpe:2.3:a:openldap:openldap:2.1.21
    cpe:2.3:a:openldap:openldap:2.1.21
  • cpe:2.3:a:openldap:openldap:2.1.22
    cpe:2.3:a:openldap:openldap:2.1.22
  • cpe:2.3:a:openldap:openldap:2.1.23
    cpe:2.3:a:openldap:openldap:2.1.23
  • cpe:2.3:a:openldap:openldap:2.1.24
    cpe:2.3:a:openldap:openldap:2.1.24
  • cpe:2.3:a:openldap:openldap:2.1.25
    cpe:2.3:a:openldap:openldap:2.1.25
  • cpe:2.3:a:openldap:openldap:2.1.26
    cpe:2.3:a:openldap:openldap:2.1.26
  • cpe:2.3:a:openldap:openldap:2.1.27
    cpe:2.3:a:openldap:openldap:2.1.27
  • cpe:2.3:a:openldap:openldap:2.1.28
    cpe:2.3:a:openldap:openldap:2.1.28
  • cpe:2.3:a:openldap:openldap:2.1.29
    cpe:2.3:a:openldap:openldap:2.1.29
  • cpe:2.3:a:openldap:openldap:2.1.30
    cpe:2.3:a:openldap:openldap:2.1.30
  • cpe:2.3:a:openldap:openldap:2.2.0
    cpe:2.3:a:openldap:openldap:2.2.0
  • cpe:2.3:a:openldap:openldap:2.2.1
    cpe:2.3:a:openldap:openldap:2.2.1
  • cpe:2.3:a:openldap:openldap:2.2.4
    cpe:2.3:a:openldap:openldap:2.2.4
  • cpe:2.3:a:openldap:openldap:2.2.5
    cpe:2.3:a:openldap:openldap:2.2.5
  • cpe:2.3:a:openldap:openldap:2.2.6
    cpe:2.3:a:openldap:openldap:2.2.6
  • cpe:2.3:a:openldap:openldap:2.2.7
    cpe:2.3:a:openldap:openldap:2.2.7
  • cpe:2.3:a:openldap:openldap:2.2.8
    cpe:2.3:a:openldap:openldap:2.2.8
  • cpe:2.3:a:openldap:openldap:2.2.9
    cpe:2.3:a:openldap:openldap:2.2.9
  • cpe:2.3:a:openldap:openldap:2.2.10
    cpe:2.3:a:openldap:openldap:2.2.10
  • cpe:2.3:a:openldap:openldap:2.2.11
    cpe:2.3:a:openldap:openldap:2.2.11
  • cpe:2.3:a:openldap:openldap:2.2.12
    cpe:2.3:a:openldap:openldap:2.2.12
  • cpe:2.3:a:openldap:openldap:2.2.13
    cpe:2.3:a:openldap:openldap:2.2.13
  • cpe:2.3:a:openldap:openldap:2.2.14
    cpe:2.3:a:openldap:openldap:2.2.14
  • cpe:2.3:a:openldap:openldap:2.2.15
    cpe:2.3:a:openldap:openldap:2.2.15
  • cpe:2.3:a:openldap:openldap:2.2.16
    cpe:2.3:a:openldap:openldap:2.2.16
  • cpe:2.3:a:openldap:openldap:2.2.17
    cpe:2.3:a:openldap:openldap:2.2.17
  • cpe:2.3:a:openldap:openldap:2.2.18
    cpe:2.3:a:openldap:openldap:2.2.18
  • cpe:2.3:a:openldap:openldap:2.2.19
    cpe:2.3:a:openldap:openldap:2.2.19
  • cpe:2.3:a:openldap:openldap:2.2.20
    cpe:2.3:a:openldap:openldap:2.2.20
  • cpe:2.3:a:openldap:openldap:2.2.21
    cpe:2.3:a:openldap:openldap:2.2.21
  • cpe:2.3:a:openldap:openldap:2.2.22
    cpe:2.3:a:openldap:openldap:2.2.22
  • cpe:2.3:a:openldap:openldap:2.2.23
    cpe:2.3:a:openldap:openldap:2.2.23
  • cpe:2.3:a:openldap:openldap:2.2.24
    cpe:2.3:a:openldap:openldap:2.2.24
  • cpe:2.3:a:openldap:openldap:2.2.25
    cpe:2.3:a:openldap:openldap:2.2.25
  • cpe:2.3:a:openldap:openldap:2.2.26
    cpe:2.3:a:openldap:openldap:2.2.26
  • cpe:2.3:a:openldap:openldap:2.2.27
    cpe:2.3:a:openldap:openldap:2.2.27
  • cpe:2.3:a:openldap:openldap:2.3.10
    cpe:2.3:a:openldap:openldap:2.3.10
  • cpe:2.3:a:openldap:openldap:2.3.11
    cpe:2.3:a:openldap:openldap:2.3.11
  • cpe:2.3:a:openldap:openldap:2.3.12
    cpe:2.3:a:openldap:openldap:2.3.12
  • cpe:2.3:a:openldap:openldap:2.3.13
    cpe:2.3:a:openldap:openldap:2.3.13
  • cpe:2.3:a:openldap:openldap:2.3.14
    cpe:2.3:a:openldap:openldap:2.3.14
  • cpe:2.3:a:openldap:openldap:2.3.15
    cpe:2.3:a:openldap:openldap:2.3.15
  • cpe:2.3:a:openldap:openldap:2.3.16
    cpe:2.3:a:openldap:openldap:2.3.16
  • cpe:2.3:a:openldap:openldap:2.3.17
    cpe:2.3:a:openldap:openldap:2.3.17
  • cpe:2.3:a:openldap:openldap:2.3.18
    cpe:2.3:a:openldap:openldap:2.3.18
  • cpe:2.3:a:openldap:openldap:2.3.19
    cpe:2.3:a:openldap:openldap:2.3.19
  • cpe:2.3:a:openldap:openldap:2.3.20
    cpe:2.3:a:openldap:openldap:2.3.20
  • cpe:2.3:a:openldap:openldap:2.3.21
    cpe:2.3:a:openldap:openldap:2.3.21
  • cpe:2.3:a:openldap:openldap:2.3.22
    cpe:2.3:a:openldap:openldap:2.3.22
  • cpe:2.3:a:openldap:openldap:2.3.23
    cpe:2.3:a:openldap:openldap:2.3.23
  • cpe:2.3:a:openldap:openldap:2.3.24
    cpe:2.3:a:openldap:openldap:2.3.24
  • cpe:2.3:a:openldap:openldap:2.3.25
    cpe:2.3:a:openldap:openldap:2.3.25
  • cpe:2.3:a:openldap:openldap:2.3.26
    cpe:2.3:a:openldap:openldap:2.3.26
  • cpe:2.3:a:openldap:openldap:2.3.27
    cpe:2.3:a:openldap:openldap:2.3.27
  • cpe:2.3:a:openldap:openldap:2.3.28
    cpe:2.3:a:openldap:openldap:2.3.28
CVSS
Base: 5.0 (as of 09-11-2006 - 10:37)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_11307.NASL
    description OpenLDAP libldap's strval2strlen() function contained a bug when processing the authcid string of certain Bind Requests, which could allow attackers to cause an affected application (especially the OpenLDAP Server) to crash. (CVE-2006-5779)
    last seen 2019-02-21
    modified 2012-04-23
    plugin id 41106
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41106
    title SuSE9 Security Update : openldap2-client (YOU Patch Number 11307)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-208.NASL
    description An unspecified vulnerability in OpenLDAP allows remote attackers to cause a denial of service (daemon crash) via a certain combination of SASL Bind requests that triggers an assertion failure in libldap. Packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 24593
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24593
    title Mandrake Linux Security Advisory : openldap (MDKSA-2006:208)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_OPENLDAP2-CLIENT-2282.NASL
    description OpenLDAP libldap's strval2strlen() function contained a bug when processing the authcid string of certain Bind Requests, which could allow attackers to cause an affected application (especially the OpenLDAP Server) to crash (CVE-2006-5779).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27364
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27364
    title openSUSE 10 Security Update : openldap2-client (openldap2-client-2282)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200611-25.NASL
    description The remote host is affected by the vulnerability described in GLSA-200611-25 (OpenLDAP: Denial of Service vulnerability) Evgeny Legerov has discovered that the truncation of an incoming authcid longer than 255 characters and ending with a space as the 255th character will lead to an improperly computed name length. This will trigger an assert in the libldap code. Impact : By sending a BIND request with a specially crafted authcid parameter to an OpenLDAP service, a remote attacker can cause the service to crash. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 23747
    published 2006-11-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23747
    title GLSA-200611-25 : OpenLDAP: Denial of Service vulnerability
  • NASL family Denial of Service
    NASL id OPENLDAP_SASL_BIND_DOS.NASL
    description The remote host appears to be running OpenLDAP, an open source LDAP directory implementation. The version of OpenLDAP installed on the remote host fails to handle malformed SASL bind requests. An unauthenticated attacker can leverage this issue to crash the LDAP server on the affected host.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 23625
    published 2006-11-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23625
    title OpenLDAP SASL authcid Name BIND Request DoS
  • NASL family SuSE Local Security Checks
    NASL id SUSE_OPENLDAP2-CLIENT-2291.NASL
    description OpenLDAP libldap's strval2strlen() function contained a bug when processing the authcid string of certain Bind Requests, which could allow attackers to cause an affected application (especially the OpenLDAP Server) to crash. (CVE-2006-5779)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29537
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29537
    title SuSE 10 Security Update : openldap2-client (ZYPP Patch Number 2291)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-384-1.NASL
    description Evgeny Legerov discovered that the OpenLDAP libraries did not correctly truncate authcid names. This situation would trigger an assert and abort the program using the libraries. A remote attacker could send specially crafted bind requests that would lead to an LDAP server denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 27967
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27967
    title Ubuntu 5.10 / 6.06 LTS / 6.10 : openldap2.2 vulnerability (USN-384-1)
refmap via4
bid 20939
bugtraq 20061106 VulnDisco Pack for Metasploit
confirm
gentoo GLSA-200611-25
mandriva MDKSA-2006:208
misc
openpkg OpenPKG-SA-2006.033
sectrack 1017166
secunia
  • 22750
  • 22953
  • 22996
  • 23125
  • 23133
  • 23152
  • 23170
sreason 1831
suse SUSE-SA:2006:072
trustix 2006-0066
ubuntu USN-384-1
vupen ADV-2006-4379
xf openldap-bind-dos(30076)
statements via4
contributor Joshua Bressers
lastmodified 2007-03-14
organization Red Hat
statement Not Vulnerable. The OpenLDAP versions shipped with Red Hat Enterprise Linux 4 and earlier do not contain the vulnerable code in question. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 26-08-2011 - 00:00
Published 07-11-2006 - 13:07
Last modified 17-10-2018 - 17:44
Back to Top