Информационная безопасность
[RU] switch to English

Многочисленные уязвимости безопасности в OpenLDAP
Опубликовано:13 апреля 2015 г.
SecurityVulns ID:14377
Уровень опасности:
Описание:Повышение привилегий, DoS.
Затронутые продукты:OPENLDAP : OpenLDAP 2.4
CVE:CVE-2015-1545 (The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request.)
 CVE-2014-9713 (The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors.)
 CVE-2013-4449 (The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.)
Оригинальный текстdocumentDEBIAN, [SECURITY] [DSA 3209-1] openldap security update (13.04.2015)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород