Denial of Service : OpenLDAP ber_get

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.809787

Categoría: Denial of Service

Título: OpenLDAP ber_get_next DoS Vulnerability

Resumen: OpenLDAP is prone to a denial of service (DoS) vulnerability.

Descripción: Summary:
OpenLDAP is prone to a denial of service (DoS) vulnerability.

Vulnerability Insight:
The flaw is due to an 'assert' function
call within the ber_get_next method (io.c line 682) that is hit when decoding
tampered BER data.

Vulnerability Impact:
Successful exploitation may allow remote
attackers to cause the application to crash, creating a denial-of-service
condition.

Affected Software/OS:
OpenLDAP versions 2.4.42 and prior.

Solution:
Upgrade to OpenLDAP version 2.4.43 or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-6908
http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html
BugTraq ID: 76714
http://www.securityfocus.com/bid/76714
Debian Security Information: DSA-3356 (Google Search)
http://www.debian.org/security/2015/dsa-3356
RedHat Security Advisories: RHSA-2015:1840
http://rhn.redhat.com/errata/RHSA-2015-1840.html
http://www.securitytracker.com/id/1033534
SuSE Security Announcement: SUSE-SU-2016:0224 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html
SuSE Security Announcement: SUSE-SU-2016:0262 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html
SuSE Security Announcement: openSUSE-SU-2016:0226 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html
SuSE Security Announcement: openSUSE-SU-2016:0255 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html
SuSE Security Announcement: openSUSE-SU-2016:0261 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html
http://www.ubuntu.com/usn/USN-2742-1

Copyright Copyright (C) 2017 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.809787
Categoría:	Denial of Service
Título:	OpenLDAP ber_get_next DoS Vulnerability
Resumen:	OpenLDAP is prone to a denial of service (DoS) vulnerability.
Descripción:	Summary: OpenLDAP is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: The flaw is due to an 'assert' function call within the ber_get_next method (io.c line 682) that is hit when decoding tampered BER data. Vulnerability Impact: Successful exploitation may allow remote attackers to cause the application to crash, creating a denial-of-service condition. Affected Software/OS: OpenLDAP versions 2.4.42 and prior. Solution: Upgrade to OpenLDAP version 2.4.43 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-6908 http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html BugTraq ID: 76714 http://www.securityfocus.com/bid/76714 Debian Security Information: DSA-3356 (Google Search) http://www.debian.org/security/2015/dsa-3356 RedHat Security Advisories: RHSA-2015:1840 http://rhn.redhat.com/errata/RHSA-2015-1840.html http://www.securitytracker.com/id/1033534 SuSE Security Announcement: SUSE-SU-2016:0224 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html SuSE Security Announcement: SUSE-SU-2016:0262 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html SuSE Security Announcement: openSUSE-SU-2016:0226 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html SuSE Security Announcement: openSUSE-SU-2016:0255 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html SuSE Security Announcement: openSUSE-SU-2016:0261 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html http://www.ubuntu.com/usn/USN-2742-1
Copyright	Copyright (C) 2017 Greenbone AG