Vulnerabilities > CVE-2006-2754 - Remote Security vulnerability in OpenLDAP
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Stack-based buffer overflow in st.c in slurpd for OpenLDAP before 2.3.22 might allow attackers to execute arbitrary code via a long hostname.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 12 |
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200606-17.NASL description The remote host is affected by the vulnerability described in GLSA-200606-17 (OpenLDAP: Buffer overflow) slurpd contains a buffer overflow when reading very long hostnames from the status file. Impact : By injecting an overly long hostname in the status file, an attacker could possibly cause the execution of arbitrary code with the permissions of the user running slurpd. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 21710 published 2006-06-16 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21710 title GLSA-200606-17 : OpenLDAP: Buffer overflow NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-305-1.NASL description When processing overly long host names in OpenLDAP last seen 2020-06-01 modified 2020-06-02 plugin id 27880 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27880 title Ubuntu 5.04 / 5.10 / 6.06 LTS : openldap2, openldap2.2 vulnerability (USN-305-1) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-096.NASL description A stack-based buffer overflow in st.c in slurpd for OpenLDAP might allow attackers to execute arbitrary code via a long hostname. Packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 21668 published 2006-06-08 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21668 title Mandrake Linux Security Advisory : openldap (MDKSA-2006:096)
Statements
| contributor | Mark J Cox |
| lastmodified | 2006-08-16 |
| organization | Red Hat |
| statement | This issue is not exploitable as the status file is only written to and read by the slurpd process. Therefore this is not a vulnerability that affects Red Hat Enterprise Linux 2.1, 3, or 4. |
References
- http://secunia.com/advisories/20126
- http://secunia.com/advisories/20495
- http://secunia.com/advisories/20685
- http://secunia.com/advisories/20848
- http://www.gentoo.org/security/en/glsa/glsa-200606-17.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:096
- http://www.openldap.org/devel/cvsweb.cgi/servers/slurpd/st.c.diff?r1=1.21&r2=1.22&hideattic=1&sortbydate=0&f=h
- http://www.openldap.org/devel/cvsweb.cgi/servers/slurpd/st.c?hideattic=1&sortbydate=0#rev1.22
- http://www.openldap.org/software/release/changes.html
- http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.008-openldap.html
- http://www.osvdb.org/25659
- http://www.securityfocus.com/archive/1/436674/100/0/threaded
- http://www.vupen.com/english/advisories/2006/1921
- https://usn.ubuntu.com/305-1/