Openldap: Security Vulnerabilities
pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.
CVSS Score
5.0
EPSS Score
0.028
Published
2005-06-30
Memory leak in the back-bdb backend for OpenLDAP 2.1.12 and earlier allows remote attackers to cause a denial of service (memory consumption).
CVSS Score
5.0
EPSS Score
0.011
Published
2004-12-31
OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them.
CVSS Score
7.5
EPSS Score
0.006
Published
2004-09-07
ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for OpenLDAP 2.1.12 and earlier, when the slap_passwd_parse function does not return LDAP_SUCCESS, attempts to free an uninitialized pointer, which allows remote attackers to cause a denial of service (segmentation fault).
CVSS Score
5.0
EPSS Score
0.003
Published
2003-03-20
slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users to overwrite arbitrary files via a race condition during the creation of a log file for rejected replication requests.
CVSS Score
1.2
EPSS Score
0.0
Published
2003-02-19
Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allow remote attackers to execute arbitrary code via (1) long -t or -r parameters to slurpd, (2) a malicious ldapfilter.conf file that is not properly handled by getfilter functions, (3) a malicious ldaptemplates.conf that causes an overflow in libldap, (4) a certain access control list that causes an overflow in slapd, or (5) a long generated filename for logging rejected replication requests.
CVSS Score
7.5
EPSS Score
0.092
Published
2003-01-02
OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local attackers to execute arbitrary code when libldap reads the .ldaprc file within applications that are running with extra privileges.
CVSS Score
7.5
EPSS Score
0.012
Published
2003-01-02
slapd in OpenLDAP 2.0 through 2.0.19 allows local users, and anonymous users before 2.0.8, to conduct a "replace" action on access controls without any values, which causes OpenLDAP to delete non-mandatory attributes that would otherwise be protected by ACLs.
CVSS Score
7.5
EPSS Score
0.032
Published
2002-01-31
slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field.
CVSS Score
5.0
EPSS Score
0.03
Published
2001-07-16
OpenLDAP 1.2.11 and earlier improperly installs the ud binary with group write permissions, which could allow any user in that group to replace the binary with a Trojan horse.
CVSS Score
4.6
EPSS Score
0.001
Published
2000-10-20