Vulnerability Details CVE-2006-5779
OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.478
EPSS Ranking 97.6%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://gleg.net/downloads/VULNDISCO_META_FREE.tar.gz
- http://gleg.net/vulndisco_meta.shtml
- http://secunia.com/advisories/22750
- http://secunia.com/advisories/22953
- http://secunia.com/advisories/22996
- http://secunia.com/advisories/23125
- http://secunia.com/advisories/23133
- http://secunia.com/advisories/23152
- http://secunia.com/advisories/23170
- http://security.gentoo.org/glsa/glsa-200611-25.xml
- http://securityreason.com/securityalert/1831
- http://securitytracker.com/id?1017166
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:208
- http://www.novell.com/linux/security/advisories/2006_72_openldap2.html
- http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4740
- http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.033-openldap.html
- http://www.securityfocus.com/archive/1/450728/100/0/threaded
- http://www.securityfocus.com/bid/20939
- http://www.trustix.org/errata/2006/0066/
- http://www.ubuntu.com/usn/usn-384-1
- http://www.vupen.com/english/advisories/2006/4379
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30076
- https://issues.rpath.com/browse/RPL-820
- http://gleg.net/downloads/VULNDISCO_META_FREE.tar.gz
- http://gleg.net/vulndisco_meta.shtml
- http://secunia.com/advisories/22750
- http://secunia.com/advisories/22953
- http://secunia.com/advisories/22996
- http://secunia.com/advisories/23125
- http://secunia.com/advisories/23133
- http://secunia.com/advisories/23152
- http://secunia.com/advisories/23170
- http://security.gentoo.org/glsa/glsa-200611-25.xml
- http://securityreason.com/securityalert/1831
- http://securitytracker.com/id?1017166
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:208
- http://www.novell.com/linux/security/advisories/2006_72_openldap2.html
- http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4740
- http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.033-openldap.html
- http://www.securityfocus.com/archive/1/450728/100/0/threaded
- http://www.securityfocus.com/bid/20939
- http://www.trustix.org/errata/2006/0066/
- http://www.ubuntu.com/usn/usn-384-1
- http://www.vupen.com/english/advisories/2006/4379
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30076
- https://issues.rpath.com/browse/RPL-820
Products affected by CVE-2006-5779
-
cpe:2.3:a:openldap:openldap:-
-
cpe:2.3:a:openldap:openldap:2.0
-
cpe:2.3:o:canonical:ubuntu_linux:5.10
-
cpe:2.3:o:canonical:ubuntu_linux:6.06
-
cpe:2.3:o:canonical:ubuntu_linux:6.10