ID CVE-2014-8182
Summary An off-by-one error leading to a crash was discovered in openldap 2.4 when processing DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash the service with crafted DNS responses.
Vulnerable Configurations
  • cpe:2.3:a:openldap:openldap:2.4:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
CVSS
Base: 4.3
CWE CWE-193
redhat via4
advisories
bugzilla
id 1202696
title ppc64: slaptest segfault in openldap-2.4.40
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhba:tst:20111656001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhba:tst:20111656002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20111656004
  • OR
    • AND
      • comment openldap is earlier than 0:2.4.40-5.el6
        oval oval:com.redhat.rhba:tst:20151292007
      • comment openldap is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20151292008
    • AND
      • comment openldap-clients is earlier than 0:2.4.40-5.el6
        oval oval:com.redhat.rhba:tst:20151292009
      • comment openldap-clients is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20151292010
    • AND
      • comment openldap-devel is earlier than 0:2.4.40-5.el6
        oval oval:com.redhat.rhba:tst:20151292011
      • comment openldap-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20151292012
    • AND
      • comment openldap-servers is earlier than 0:2.4.40-5.el6
        oval oval:com.redhat.rhba:tst:20151292013
      • comment openldap-servers is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20151292014
    • AND
      • comment openldap-servers-sql is earlier than 0:2.4.40-5.el6
        oval oval:com.redhat.rhba:tst:20151292005
      • comment openldap-servers-sql is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20151292006
rhsa
released 2015-07-22
severity None
title RHBA-2015:1292: openldap bug fix and enhancement update (None)
rpms
  • openldap-0:2.4.40-5.el6
  • openldap-clients-0:2.4.40-5.el6
  • openldap-devel-0:2.4.40-5.el6
  • openldap-servers-0:2.4.40-5.el6
  • openldap-servers-sql-0:2.4.40-5.el6
  • openldap-0:2.4.40-8.el7
  • openldap-clients-0:2.4.40-8.el7
  • openldap-devel-0:2.4.40-8.el7
  • openldap-servers-0:2.4.40-8.el7
  • openldap-servers-sql-0:2.4.40-8.el7
Last major update 02-01-2020 - 23:15
Published 02-01-2020 - 23:15
Last modified 09-01-2020 - 16:39