| ID |
CVE-2006-5779
|
| Summary |
OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:openldap:openldap:-:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:-:*:*:*:*:*:*:*
-
cpe:2.3:a:openldap:openldap:2.0:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.0:*:*:*:*:*:*:*
-
cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
-
cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*
-
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 5.0 (as of 08-02-2024 - 02:20) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-617 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| NONE |
NONE |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
| refmap
via4
|
| bid | 20939 | | bugtraq | 20061106 VulnDisco Pack for Metasploit | | confirm | | | gentoo | GLSA-200611-25 | | mandriva | MDKSA-2006:208 | | misc | | | openpkg | OpenPKG-SA-2006.033 | | sectrack | 1017166 | | secunia | - 22750
- 22953
- 22996
- 23125
- 23133
- 23152
- 23170
| | sreason | 1831 | | suse | SUSE-SA:2006:072 | | trustix | 2006-0066 | | ubuntu | USN-384-1 | | vupen | ADV-2006-4379 | | xf | openldap-bind-dos(30076) |
|
| statements
via4
|
| contributor | Joshua Bressers | | lastmodified | 2007-03-14 | | organization | Red Hat | | statement | Not Vulnerable. The OpenLDAP versions shipped with Red Hat Enterprise Linux 4 and earlier do not contain the vulnerable code in question. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |
|
| Last major update |
08-02-2024 - 02:20 |
| Published |
07-11-2006 - 18:07 |
| Last modified |
08-02-2024 - 02:20 |
