CVE-2015-1546

047910
CVSS 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN

Summary

Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control.

Vulnerable Configurations

Part          Description   Count
Application   Openldap      1
OS            Opensuse      2
OS            Apple         1

Nessus

  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2015-073.NASL
    description: Multiple vulnerabilities have been discovered and corrected in openldap: The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request (CVE-2015-1545). Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control (CVE-2015-1546). The updated packages provide a solution for these security issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 82326
    published: 2015-03-30
    reporter: This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/82326
    title: Mandriva Linux Security Advisory : openldap (MDVSA-2015:073)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_OPENLDAP2-20150423-150413.NASL
    description: openldap2 was updated to fix three security issues and one non-security bug. The following vulnerabilities were fixed: - A remote attacker could cause a denial of service (slapd crash) by unbinding immediately after a search request. (bnc#846389, CVE-2013-4449) - A remote attacker could cause a denial of service through a NULL pointer dereference and crash via an empty attribute list in a deref control in a search request. (bnc#916897, CVE-2015-1545) - A remote attacker could cause a denial of service (crash) via a crafted search query with a matched values control. (bnc#916914, CVE-2015-1546) The following non-security bug was fixed: - Prevent connection-0 (internal connection) from showing up in the monitor back-end. (bnc#905959)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 83516
    published: 2015-05-18
    reporter: This script is Copyright (C) 2015 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/83516
    title: SuSE 11.3 Security Update : openldap2 (SAT Patch Number 10635)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2015-1077-1.NASL
    description: openldap2 was updated to fix two security issues and one non-security bug. The following vulnerabilities were fixed: - A remote attacker could cause a denial of service through a NULL pointer dereference and crash via an empty attribute list in a deref control in a search request. (bnc#916897 CVE-2015-1545) - A remote attacker could cause a denial of service (crash) via a crafted search query with a matched values control. (bnc#916914 CVE-2015-1546) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 84261
    published: 2015-06-18
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/84261
    title: SUSE SLED12 / SLES12 Security Update : openldap2 (SUSE-SU-2015:1077-1)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_SECUPD2015-004.NASL
    description: The remote host is running a version of Mac OS X 10.8.5 or 10.9.5 that is missing Security Update 2015-004. It is, therefore, affected by multiple vulnerabilities in the following components: - Apache - ATS - Certificate Trust Policy - CoreAnimation - FontParser - Graphics Driver - ImageIO - IOHIDFamily - Kernel - LaunchServices - Open Directory Client - OpenLDAP - OpenSSL - PHP - QuickLook - SceneKit - Security - Code Signing - UniformTypeIdentifiers Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 82700
    published: 2015-04-10
    reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/82700
    title: Mac OS X Multiple Vulnerabilities (Security Update 2015-004) (FREAK)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2015-526.NASL
    description: OpenLDAP was updated to fix two security issues and one bug. The following vulnerabilities were fixed: - CVE-2015-1546: slapd crash in valueReturnFilter cleanup (bnc#916914) - CVE-2015-1545: slapd crashes on search with deref control and empty attr list (bnc#916897) The following non-security bug was fixed: - boo#905959: Prevent connection-0 (internal connection) from showing up in the monitor backend
    last seen: 2020-06-05
    modified: 2015-08-03
    plugin id: 85174
    published: 2015-08-03
    reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/85174
    title: openSUSE Security Update : openldap2 (openSUSE-2015-526)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_10_10_3.NASL
    description: The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.3. It is, therefore, affected by multiple vulnerabilities in the following components: - Admin Framework - Apache - ATS - Certificate Trust Policy - CFNetwork HTTPProtocol - CFNetwork Session - CFURL - CoreAnimation - FontParser - Graphics Driver - Hypervisor - ImageIO - IOHIDFamily - Kernel - LaunchServices - libnetcore - ntp - Open Directory Client - OpenLDAP - OpenSSL - PHP - QuickLook - SceneKit - ScreenSharing - Security - Code Signing - UniformTypeIdentifiers - WebKit Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 82699
    published: 2015-04-10
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/82699
    title: Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities (FREAK)