ID CVE-2013-4449
Summary The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.
References
Vulnerable Configurations
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.9:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.9:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.10:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.10:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.11:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.11:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.12:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.12:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.13:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.13:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.14:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.14:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.15:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.15:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.16:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.16:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.17:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.17:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.18:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.18:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.19:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.19:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.20:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.20:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.21:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.21:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.22:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.22:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.23:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.23:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.24:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.24:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.25:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.25:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.26:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.26:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.27:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.27:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.28:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.28:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.29:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.29:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.30:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.30:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.31:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.31:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.32:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.32:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.33:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.33:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.34:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.34:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.35:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.35:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:-:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:-:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.36:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.4.36:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 08-12-2016 - 03:03)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • bugzilla
    id 1019490
    title CVE-2013-4449 openldap: segfault on certain queries with rwm overlay
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment openldap is earlier than 0:2.4.23-34.el6_5.1
            oval oval:com.redhat.rhsa:tst:20140126001
          • comment openldap is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20151292002
        • AND
          • comment openldap-clients is earlier than 0:2.4.23-34.el6_5.1
            oval oval:com.redhat.rhsa:tst:20140126003
          • comment openldap-clients is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20151292004
        • AND
          • comment openldap-devel is earlier than 0:2.4.23-34.el6_5.1
            oval oval:com.redhat.rhsa:tst:20140126005
          • comment openldap-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20151292006
        • AND
          • comment openldap-servers is earlier than 0:2.4.23-34.el6_5.1
            oval oval:com.redhat.rhsa:tst:20140126007
          • comment openldap-servers is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20151292008
        • AND
          • comment openldap-servers-sql is earlier than 0:2.4.23-34.el6_5.1
            oval oval:com.redhat.rhsa:tst:20140126009
          • comment openldap-servers-sql is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20151292010
    rhsa
    id RHSA-2014:0126
    released 2014-02-03
    severity Moderate
    title RHSA-2014:0126: openldap security and bug fix update (Moderate)
  • bugzilla
    id 1019490
    title CVE-2013-4449 openldap: segfault on certain queries with rwm overlay
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • comment compat-openldap is earlier than 0:2.3.43_2.2.29-27.el5_10
            oval oval:com.redhat.rhsa:tst:20140206001
          • comment compat-openldap is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20071037002
        • AND
          • comment openldap is earlier than 0:2.3.43-27.el5_10
            oval oval:com.redhat.rhsa:tst:20140206003
          • comment openldap is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20071037004
        • AND
          • comment openldap-clients is earlier than 0:2.3.43-27.el5_10
            oval oval:com.redhat.rhsa:tst:20140206005
          • comment openldap-clients is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20071037006
        • AND
          • comment openldap-devel is earlier than 0:2.3.43-27.el5_10
            oval oval:com.redhat.rhsa:tst:20140206007
          • comment openldap-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20071037008
        • AND
          • comment openldap-servers is earlier than 0:2.3.43-27.el5_10
            oval oval:com.redhat.rhsa:tst:20140206009
          • comment openldap-servers is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20071037010
        • AND
          • comment openldap-servers-overlays is earlier than 0:2.3.43-27.el5_10
            oval oval:com.redhat.rhsa:tst:20140206011
          • comment openldap-servers-overlays is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20100198012
        • AND
          • comment openldap-servers-sql is earlier than 0:2.3.43-27.el5_10
            oval oval:com.redhat.rhsa:tst:20140206013
          • comment openldap-servers-sql is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20071037012
    rhsa
    id RHSA-2014:0206
    released 2014-02-24
    severity Moderate
    title RHSA-2014:0206: openldap security update (Moderate)
rpms
  • openldap-0:2.4.23-34.el6_5.1
  • openldap-clients-0:2.4.23-34.el6_5.1
  • openldap-debuginfo-0:2.4.23-34.el6_5.1
  • openldap-devel-0:2.4.23-34.el6_5.1
  • openldap-servers-0:2.4.23-34.el6_5.1
  • openldap-servers-sql-0:2.4.23-34.el6_5.1
  • compat-openldap-0:2.3.43_2.2.29-27.el5_10
  • openldap-0:2.3.43-27.el5_10
  • openldap-clients-0:2.3.43-27.el5_10
  • openldap-debuginfo-0:2.3.43-27.el5_10
  • openldap-devel-0:2.3.43-27.el5_10
  • openldap-servers-0:2.3.43-27.el5_10
  • openldap-servers-overlays-0:2.3.43-27.el5_10
  • openldap-servers-sql-0:2.3.43-27.el5_10
refmap via4
bid 63190
bugtraq 20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
cisco 20140401 Cisco Unified Communications Manager Denial of Service Vulnerability
confirm
debian DSA-3209
fulldisc 20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
mandriva MDVSA-2014:026
mlist [oss-security] 20131018 Re: CVE request: slapd segfaults on certain queries with rwm overlay enabled
sectrack 1029711
Last major update 08-12-2016 - 03:03
Published 05-02-2014 - 18:55
Last modified 08-12-2016 - 03:03
Back to Top