exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2015-6908

Status Candidate

Overview

The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.

Related Files

Apple Security Advisory 2015-12-08-3
Posted Dec 10, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-12-08-3 - OS X El Capitan 10.11.2 and Security Update 2015-008 is now available and addresses 54 vulnerabilities.

tags | advisory, vulnerability
systems | apple, osx
advisories | CVE-2011-2895, CVE-2012-0876, CVE-2012-1147, CVE-2012-1148, CVE-2015-3807, CVE-2015-5333, CVE-2015-5334, CVE-2015-6908, CVE-2015-7001, CVE-2015-7038, CVE-2015-7039, CVE-2015-7040, CVE-2015-7041, CVE-2015-7042, CVE-2015-7043, CVE-2015-7044, CVE-2015-7045, CVE-2015-7046, CVE-2015-7047, CVE-2015-7052, CVE-2015-7053, CVE-2015-7054, CVE-2015-7058, CVE-2015-7059, CVE-2015-7060, CVE-2015-7061, CVE-2015-7062, CVE-2015-7063
SHA-256 | 78e2a97a16b2ff481c45ddbbba9833cf2d0f52000284853fc1795caaaf5b2c92
Red Hat Security Advisory 2015-1840-01
Posted Sep 30, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1840-01 - OpenLDAP is an open source suite of Lightweight Directory Access Protocol applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and documentation for OpenLDAP. A flaw was found in the way the OpenLDAP server daemon parsed certain Basic Encoding Rules data. A remote attacker could use this flaw to crash slapd via a specially crafted packet. All openldap users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2015-6908
SHA-256 | 2b8db859613f053e6c09246eb10db2943893cddb4c9cda9cb50ffde1360f2a63
Ubuntu Security Notice USN-2742-1
Posted Sep 17, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2742-1 - Denis Andzakovic discovered that OpenLDAP incorrectly handled certain BER data. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. Dietrich Clauss discovered that the OpenLDAP package incorrectly shipped with a potentially unsafe default access control configuration. Depending on how the database is configure, this may allow users to impersonate others by modifying attributes such as their Unix user and group numbers. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, unix, ubuntu
advisories | CVE-2014-9713, CVE-2015-6908
SHA-256 | 9b6a8ed19fb6f7e3f64b01c4aa1fe8b45478ce1971f92272242e7566e492728c
Debian Security Advisory 3356-1
Posted Sep 15, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3356-1 - Denis Andzakovic discovered that OpenLDAP, a free implementation of the Lightweight Directory Access Protocol, does not properly handle BER data. An unauthenticated remote attacker can use this flaw to cause a denial of service (slapd daemon crash) via a specially crafted packet.

tags | advisory, remote, denial of service, protocol
systems | linux, debian
advisories | CVE-2015-6908
SHA-256 | 6ea26f64cefbfb2556a3754993d105f8cd15fe3aedccdcdf9a191f239a95031f
Page 1 of 1
Back1Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close