ID CVE-2013-4449
Summary The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.
References
Vulnerable Configurations
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • OpenLDAP 2.4.6
    cpe:2.3:a:openldap:openldap:2.4.6
  • OpenLDAP 2.4.7
    cpe:2.3:a:openldap:openldap:2.4.7
  • OpenLDAP 2.4.8
    cpe:2.3:a:openldap:openldap:2.4.8
  • OpenLDAP 2.4.9
    cpe:2.3:a:openldap:openldap:2.4.9
  • OpenLDAP 2.4.18
    cpe:2.3:a:openldap:openldap:2.4.18
  • OpenLDAP 2.4.17
    cpe:2.3:a:openldap:openldap:2.4.17
  • OpenLDAP 2.4.16
    cpe:2.3:a:openldap:openldap:2.4.16
  • OpenLDAP 2.4.15
    cpe:2.3:a:openldap:openldap:2.4.15
  • OpenLDAP 2.4.14
    cpe:2.3:a:openldap:openldap:2.4.14
  • OpenLDAP 2.4.13
    cpe:2.3:a:openldap:openldap:2.4.13
  • OpenLDAP 2.4.12
    cpe:2.3:a:openldap:openldap:2.4.12
  • OpenLDAP 2.4.11
    cpe:2.3:a:openldap:openldap:2.4.11
  • OpenLDAP 2.4.10
    cpe:2.3:a:openldap:openldap:2.4.10
  • OpenLDAP 2.4.30
    cpe:2.3:a:openldap:openldap:2.4.30
  • OpenLDAP 2.4.29
    cpe:2.3:a:openldap:openldap:2.4.29
  • OpenLDAP 2.4.28
    cpe:2.3:a:openldap:openldap:2.4.28
  • OpenLDAP 2.4.27
    cpe:2.3:a:openldap:openldap:2.4.27
  • OpenLDAP 2.4.26
    cpe:2.3:a:openldap:openldap:2.4.26
  • OpenLDAP 2.4.25
    cpe:2.3:a:openldap:openldap:2.4.25
  • OpenLDAP 2.4.24
    cpe:2.3:a:openldap:openldap:2.4.24
  • OpenLDAP 2.4.22
    cpe:2.3:a:openldap:openldap:2.4.22
  • OpenLDAP 2.4.21
    cpe:2.3:a:openldap:openldap:2.4.21
  • OpenLDAP 2.4.20
    cpe:2.3:a:openldap:openldap:2.4.20
  • OpenLDAP 2.4.19
    cpe:2.3:a:openldap:openldap:2.4.19
  • OpenLDAP 2.4.36
    cpe:2.3:a:openldap:openldap:2.4.36
  • OpenLDAP 2.4.35
    cpe:2.3:a:openldap:openldap:2.4.35
  • OpenLDAP 2.4.34
    cpe:2.3:a:openldap:openldap:2.4.34
  • OpenLDAP 2.4.33
    cpe:2.3:a:openldap:openldap:2.4.33
  • OpenLDAP 2.4.32
    cpe:2.3:a:openldap:openldap:2.4.32
  • OpenLDAP 2.4.31
    cpe:2.3:a:openldap:openldap:2.4.31
  • OpenLDAP 2.4.23
    cpe:2.3:a:openldap:openldap:2.4.23
CVSS
Base: 4.3 (as of 01-04-2016 - 15:00)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  • Vector NETWORK
  • Complexity MEDIUM
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability PARTIAL
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3209.NASL
    description Multiple vulnerabilities were found in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. - CVE-2013-4449 Michael Vishchers from Seven Principles AG discovered a denial of service vulnerability in slapd, the directory server implementation. When the server is configured to use the RWM overlay, an attacker can make it crash by unbinding just after connecting, because of an issue with reference counting. - CVE-2014-9713 The default Debian configuration of the directory database allows every user to edit their own attributes. When LDAP directories are used for access control, and this is done using user attributes, an authenticated user can leverage this to gain access to unauthorized resources. Please note this is a Debian specific vulnerability. The new package won't use the unsafe access control rule for new databases, but existing configurations won't be automatically modified. Administrators are incited to look at the README.Debian file provided by the updated package if they need to fix the access control rule. - CVE-2015-1545 Ryan Tandy discovered a denial of service vulnerability in slapd. When using the deref overlay, providing an empty attribute list in a query makes the daemon crash.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 82432
    published 2015-03-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82432
    title Debian DSA-3209-1 : openldap - security update
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-0126.NASL
    description Updated openldap packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and documentation for OpenLDAP. A denial of service flaw was found in the way the OpenLDAP server daemon (slapd) performed reference counting when using the rwm (rewrite/remap) overlay. A remote attacker able to query the OpenLDAP server could use this flaw to crash the server by immediately unbinding from the server after sending a search request. (CVE-2013-4449) Red Hat would like to thank Michael Vishchers from Seven Principles AG for reporting this issue. This update also fixes the following bug : * Previously, OpenLDAP did not properly handle a number of simultaneous updates. As a consequence, sending a number of parallel update requests to the server could cause a deadlock. With this update, a superfluous locking mechanism causing the deadlock has been removed, thus fixing the bug. (BZ#1056124) All openldap users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 72273
    published 2014-02-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72273
    title RHEL 6 : openldap (RHSA-2014:0126)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-0126.NASL
    description Updated openldap packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and documentation for OpenLDAP. A denial of service flaw was found in the way the OpenLDAP server daemon (slapd) performed reference counting when using the rwm (rewrite/remap) overlay. A remote attacker able to query the OpenLDAP server could use this flaw to crash the server by immediately unbinding from the server after sending a search request. (CVE-2013-4449) Red Hat would like to thank Michael Vishchers from Seven Principles AG for reporting this issue. This update also fixes the following bug : * Previously, OpenLDAP did not properly handle a number of simultaneous updates. As a consequence, sending a number of parallel update requests to the server could cause a deadlock. With this update, a superfluous locking mechanism causing the deadlock has been removed, thus fixing the bug. (BZ#1056124) All openldap users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 72267
    published 2014-02-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72267
    title CentOS 6 : openldap (CESA-2014:0126)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-2967.NASL
    description CVE-2013-4449: segfault on certain queries with rwm overlay (#1060851) Update to 2.4.39 (#1067818) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 72913
    published 2014-03-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72913
    title Fedora 19 : openldap-2.4.39-2.fc19 (2014-2967)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-0126.NASL
    description From Red Hat Security Advisory 2014:0126 : Updated openldap packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and documentation for OpenLDAP. A denial of service flaw was found in the way the OpenLDAP server daemon (slapd) performed reference counting when using the rwm (rewrite/remap) overlay. A remote attacker able to query the OpenLDAP server could use this flaw to crash the server by immediately unbinding from the server after sending a search request. (CVE-2013-4449) Red Hat would like to thank Michael Vishchers from Seven Principles AG for reporting this issue. This update also fixes the following bug : * Previously, OpenLDAP did not properly handle a number of simultaneous updates. As a consequence, sending a number of parallel update requests to the server could cause a deadlock. With this update, a superfluous locking mechanism causing the deadlock has been removed, thus fixing the bug. (BZ#1056124) All openldap users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 72271
    published 2014-02-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72271
    title Oracle Linux 6 : openldap (ELSA-2014-0126)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-2012.NASL
    description fix rwm reference counting bug new upstream release (#1059186); http://www.openldap.org/software/release/changes.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 72451
    published 2014-02-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72451
    title Fedora 20 : openldap-2.4.39-2.fc20 (2014-2012)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2622-1.NASL
    description It was discovered that OpenLDAP incorrectly handled certain search queries that returned empty attributes. A remote attacker could use this issue to cause OpenLDAP to assert, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-1164) Michael Vishchers discovered that OpenLDAP improperly counted references when the rwm overlay was used. A remote attacker could use this issue to cause OpenLDAP to crash, resulting in a denial of service. (CVE-2013-4449) It was discovered that OpenLDAP incorrectly handled certain empty attribute lists in search requests. A remote attacker could use this issue to cause OpenLDAP to crash, resulting in a denial of service. (CVE-2015-1545). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 83863
    published 2015-05-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83863
    title Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : openldap vulnerabilities (USN-2622-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20140224_OPENLDAP_ON_SL5_X.NASL
    description A denial of service flaw was found in the way the OpenLDAP server daemon (slapd) performed reference counting when using the rwm (rewrite/remap) overlay. A remote attacker able to query the OpenLDAP server could use this flaw to crash the server by immediately unbinding from the server after sending a search request. (CVE-2013-4449)
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 72680
    published 2014-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72680
    title Scientific Linux Security Update : openldap on SL5.x i386/x86_64
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2016-0069.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - CVE-2015-6908 openldap: ber_get_next denial of service vulnerability (#1263170) - fix: syncprov psearch race condition (#999811) - fix: CVE-2013-4449 segfault on certain queries with rwm overlay (#1064146) - fix: do not send IPv6 DNS queries when IPv6 is disabled on the host (#812772) - fix: disable static libraries stripping (#684630) - fix: memory leaks in syncrepl and slap_sl_free (#741184) - new feature update: honor priority/weight with ldap_domain2hostlist (#733435) - fix: initscript marked as %config incorrectly (#738768) - new feature: honor priority/weight with ldap_domain2hostlist (#733435) - fix: strict aliasing warnings during package build (#732381) - fix: OpenLDAP packages lack debug data (#684630) - doc: Document preferred use of TLS_CACERT instead of TLS_CACERTDIR to specify Certificate Authorities (#699652) - fix: libldap ignores a directory of CA certificates if any of them can't be read (#609722) - fix: Migration: migrate_all_offline.sh can't handle duplicate entries (#563148) - fix: Init script is working wrong if database recovery is needed (#604092) - fix: CVE-2011-1024 ppolicy forwarded bind failure messages cause success (#680486) - fix: slapd concurrent access to connections causes slapd to silently die (#641953) - backport: ldap_init_fd API function - fix: ppolicy crash while replace-deleting userPassword attribute (#665951) - fix: connection freeze when using TLS (#591419) - don't remove task twice during replication - fixed segfault issues in modrdn (#606375) - added patch handling null char in TLS to compat package (#606375, patch backported by Jan Vcelak )
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 91749
    published 2016-06-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91749
    title OracleVM 3.2 : openldap (OVMSA-2016-0069)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_OPENLDAP2-20150423-150413.NASL
    description openldap2 was updated to fix three security issues and one non-security bug. The following vulnerabilities were fixed : - A remote attacker could cause a denial of service (slapd crash) by unbinding immediately after a search request. (bnc#846389, CVE-2013-4449) - A remote attacker could cause a denial of service through a NULL pointer dereference and crash via an empty attribute list in a deref control in a search request. (bnc#916897, CVE-2015-1545) - A remote attacker could cause a denial of service (crash) via a crafted search query with a matched values control. (bnc#916914, CVE-2015-1546) The following non-security bug was fixed : - Prevent connection-0 (internal connection) from showing up in the monitor back-end. (bnc#905959)
    last seen 2019-02-21
    modified 2015-05-18
    plugin id 83516
    published 2015-05-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83516
    title SuSE 11.3 Security Update : openldap2 (SAT Patch Number 10635)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2014-294.NASL
    description The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 72750
    published 2014-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72750
    title Amazon Linux AMI : openldap (ALAS-2014-294)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20140203_OPENLDAP_ON_SL6_X.NASL
    description A denial of service flaw was found in the way the OpenLDAP server daemon (slapd) performed reference counting when using the rwm (rewrite/remap) overlay. A remote attacker able to query the OpenLDAP server could use this flaw to crash the server by immediately unbinding from the server after sending a search request. (CVE-2013-4449) This update also fixes the following bug : - Previously, OpenLDAP did not properly handle a number of simultaneous updates. As a consequence, sending a number of parallel update requests to the server could cause a deadlock. With this update, a superfluous locking mechanism causing the deadlock has been removed, thus fixing the bug.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 72276
    published 2014-02-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72276
    title Scientific Linux Security Update : openldap on SL6.x i386/x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-0206.NASL
    description Updated openldap packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and documentation for OpenLDAP. A denial of service flaw was found in the way the OpenLDAP server daemon (slapd) performed reference counting when using the rwm (rewrite/remap) overlay. A remote attacker able to query the OpenLDAP server could use this flaw to crash the server by immediately unbinding from the server after sending a search request. (CVE-2013-4449) Red Hat would like to thank Michael Vishchers from Seven Principles AG for reporting this issue. All openldap users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 72673
    published 2014-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72673
    title CentOS 5 : openldap (CESA-2014:0206)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-0206.NASL
    description From Red Hat Security Advisory 2014:0206 : Updated openldap packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and documentation for OpenLDAP. A denial of service flaw was found in the way the OpenLDAP server daemon (slapd) performed reference counting when using the rwm (rewrite/remap) overlay. A remote attacker able to query the OpenLDAP server could use this flaw to crash the server by immediately unbinding from the server after sending a search request. (CVE-2013-4449) Red Hat would like to thank Michael Vishchers from Seven Principles AG for reporting this issue. All openldap users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 72677
    published 2014-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72677
    title Oracle Linux 5 : openldap (ELSA-2014-0206)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-0206.NASL
    description Updated openldap packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and documentation for OpenLDAP. A denial of service flaw was found in the way the OpenLDAP server daemon (slapd) performed reference counting when using the rwm (rewrite/remap) overlay. A remote attacker able to query the OpenLDAP server could use this flaw to crash the server by immediately unbinding from the server after sending a search request. (CVE-2013-4449) Red Hat would like to thank Michael Vishchers from Seven Principles AG for reporting this issue. All openldap users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 72679
    published 2014-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72679
    title RHEL 5 : openldap (RHSA-2014:0206)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2014-026.NASL
    description A vulnerability has been discovered and corrected in openldap : The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search (CVE-2013-4449). The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 72467
    published 2014-02-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72467
    title Mandriva Linux Security Advisory : openldap (MDVSA-2014:026)
redhat via4
advisories
  • bugzilla
    id 1019490
    title CVE-2013-4449 openldap: segfault on certain queries with rwm overlay
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment openldap is earlier than 0:2.4.23-34.el6_5.1
          oval oval:com.redhat.rhsa:tst:20140126005
        • comment openldap is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110347006
      • AND
        • comment openldap-clients is earlier than 0:2.4.23-34.el6_5.1
          oval oval:com.redhat.rhsa:tst:20140126009
        • comment openldap-clients is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110347016
      • AND
        • comment openldap-devel is earlier than 0:2.4.23-34.el6_5.1
          oval oval:com.redhat.rhsa:tst:20140126013
        • comment openldap-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110347008
      • AND
        • comment openldap-servers is earlier than 0:2.4.23-34.el6_5.1
          oval oval:com.redhat.rhsa:tst:20140126007
        • comment openldap-servers is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110347012
      • AND
        • comment openldap-servers-sql is earlier than 0:2.4.23-34.el6_5.1
          oval oval:com.redhat.rhsa:tst:20140126011
        • comment openldap-servers-sql is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110347014
    rhsa
    id RHSA-2014:0126
    released 2014-02-03
    severity Moderate
    title RHSA-2014:0126: openldap security and bug fix update (Moderate)
  • bugzilla
    id 1019490
    title CVE-2013-4449 openldap: segfault on certain queries with rwm overlay
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment compat-openldap is earlier than 0:2.3.43_2.2.29-27.el5_10
          oval oval:com.redhat.rhsa:tst:20140206008
        • comment compat-openldap is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20071037011
      • AND
        • comment openldap is earlier than 0:2.3.43-27.el5_10
          oval oval:com.redhat.rhsa:tst:20140206002
        • comment openldap is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20071037003
      • AND
        • comment openldap-clients is earlier than 0:2.3.43-27.el5_10
          oval oval:com.redhat.rhsa:tst:20140206010
        • comment openldap-clients is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20071037005
      • AND
        • comment openldap-devel is earlier than 0:2.3.43-27.el5_10
          oval oval:com.redhat.rhsa:tst:20140206012
        • comment openldap-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20071037009
      • AND
        • comment openldap-servers is earlier than 0:2.3.43-27.el5_10
          oval oval:com.redhat.rhsa:tst:20140206014
        • comment openldap-servers is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20071037007
      • AND
        • comment openldap-servers-overlays is earlier than 0:2.3.43-27.el5_10
          oval oval:com.redhat.rhsa:tst:20140206004
        • comment openldap-servers-overlays is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100198013
      • AND
        • comment openldap-servers-sql is earlier than 0:2.3.43-27.el5_10
          oval oval:com.redhat.rhsa:tst:20140206006
        • comment openldap-servers-sql is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20071037013
    rhsa
    id RHSA-2014:0206
    released 2014-02-24
    severity Moderate
    title RHSA-2014:0206: openldap security update (Moderate)
rpms
  • openldap-0:2.4.23-34.el6_5.1
  • openldap-clients-0:2.4.23-34.el6_5.1
  • openldap-devel-0:2.4.23-34.el6_5.1
  • openldap-servers-0:2.4.23-34.el6_5.1
  • openldap-servers-sql-0:2.4.23-34.el6_5.1
  • compat-openldap-0:2.3.43_2.2.29-27.el5_10
  • openldap-0:2.3.43-27.el5_10
  • openldap-clients-0:2.3.43-27.el5_10
  • openldap-devel-0:2.3.43-27.el5_10
  • openldap-servers-0:2.3.43-27.el5_10
  • openldap-servers-overlays-0:2.3.43-27.el5_10
  • openldap-servers-sql-0:2.3.43-27.el5_10
refmap via4
bid 63190
cisco 20140401 Cisco Unified Communications Manager Denial of Service Vulnerability
confirm
debian DSA-3209
mandriva MDVSA-2014:026
mlist [oss-security] 20131018 Re: CVE request: slapd segfaults on certain queries with rwm overlay enabled
sectrack 1029711
Last major update 07-12-2016 - 22:03
Published 05-02-2014 - 13:55