ID CVE-2013-4449
Summary The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.
References
Vulnerable Configurations
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.9:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.9:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.10:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.10:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.11:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.11:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.12:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.12:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.13:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.13:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.14:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.14:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.15:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.15:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.16:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.16:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.17:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.17:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.18:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.18:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.19:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.19:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.20:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.20:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.21:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.21:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.22:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.22:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.23:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.23:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.24:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.24:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.25:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.25:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.26:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.26:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.27:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.27:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.28:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.28:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.29:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.29:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.30:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.30:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.31:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.31:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.32:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.32:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.33:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.33:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.34:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.34:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.35:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.35:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:-:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:-:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.36:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.36:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 08-12-2016 - 03:03)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • bugzilla
    id 1019490
    title CVE-2013-4449 openldap: segfault on certain queries with rwm overlay
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment openldap is earlier than 0:2.4.23-34.el6_5.1
          oval oval:com.redhat.rhsa:tst:20140126005
        • comment openldap is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20151292008
      • AND
        • comment openldap-clients is earlier than 0:2.4.23-34.el6_5.1
          oval oval:com.redhat.rhsa:tst:20140126009
        • comment openldap-clients is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20151292010
      • AND
        • comment openldap-devel is earlier than 0:2.4.23-34.el6_5.1
          oval oval:com.redhat.rhsa:tst:20140126013
        • comment openldap-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20151292012
      • AND
        • comment openldap-servers is earlier than 0:2.4.23-34.el6_5.1
          oval oval:com.redhat.rhsa:tst:20140126007
        • comment openldap-servers is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20151292014
      • AND
        • comment openldap-servers-sql is earlier than 0:2.4.23-34.el6_5.1
          oval oval:com.redhat.rhsa:tst:20140126011
        • comment openldap-servers-sql is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20151292006
    rhsa
    id RHSA-2014:0126
    released 2014-02-03
    severity Moderate
    title RHSA-2014:0126: openldap security and bug fix update (Moderate)
  • bugzilla
    id 1019490
    title CVE-2013-4449 openldap: segfault on certain queries with rwm overlay
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment compat-openldap is earlier than 0:2.3.43_2.2.29-27.el5_10
          oval oval:com.redhat.rhsa:tst:20140206008
        • comment compat-openldap is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20071037011
      • AND
        • comment openldap is earlier than 0:2.3.43-27.el5_10
          oval oval:com.redhat.rhsa:tst:20140206002
        • comment openldap is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20071037003
      • AND
        • comment openldap-clients is earlier than 0:2.3.43-27.el5_10
          oval oval:com.redhat.rhsa:tst:20140206010
        • comment openldap-clients is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20071037005
      • AND
        • comment openldap-devel is earlier than 0:2.3.43-27.el5_10
          oval oval:com.redhat.rhsa:tst:20140206012
        • comment openldap-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20071037009
      • AND
        • comment openldap-servers is earlier than 0:2.3.43-27.el5_10
          oval oval:com.redhat.rhsa:tst:20140206014
        • comment openldap-servers is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20071037007
      • AND
        • comment openldap-servers-overlays is earlier than 0:2.3.43-27.el5_10
          oval oval:com.redhat.rhsa:tst:20140206004
        • comment openldap-servers-overlays is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100198013
      • AND
        • comment openldap-servers-sql is earlier than 0:2.3.43-27.el5_10
          oval oval:com.redhat.rhsa:tst:20140206006
        • comment openldap-servers-sql is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20071037013
    rhsa
    id RHSA-2014:0206
    released 2014-02-24
    severity Moderate
    title RHSA-2014:0206: openldap security update (Moderate)
rpms
  • openldap-0:2.4.23-34.el6_5.1
  • openldap-clients-0:2.4.23-34.el6_5.1
  • openldap-devel-0:2.4.23-34.el6_5.1
  • openldap-servers-0:2.4.23-34.el6_5.1
  • openldap-servers-sql-0:2.4.23-34.el6_5.1
  • compat-openldap-0:2.3.43_2.2.29-27.el5_10
  • openldap-0:2.3.43-27.el5_10
  • openldap-clients-0:2.3.43-27.el5_10
  • openldap-devel-0:2.3.43-27.el5_10
  • openldap-servers-0:2.3.43-27.el5_10
  • openldap-servers-overlays-0:2.3.43-27.el5_10
  • openldap-servers-sql-0:2.3.43-27.el5_10
refmap via4
bid 63190
cisco 20140401 Cisco Unified Communications Manager Denial of Service Vulnerability
confirm
debian DSA-3209
mandriva MDVSA-2014:026
mlist [oss-security] 20131018 Re: CVE request: slapd segfaults on certain queries with rwm overlay enabled
sectrack 1029711
Last major update 08-12-2016 - 03:03
Published 05-02-2014 - 18:55
Back to Top