Vulnerabilities > Openldap > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2010-07-28 | CVE-2010-0212 | Permissions, Privileges, and Access Controls vulnerability in Openldap 2.4.22 | OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite. | 5.0 |
2009-10-23 | CVE-2009-3767 | Cryptographic Issues vulnerability in Openldap | libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | 6.8 |
2008-02-13 | CVE-2008-0658 | Resource Management Errors vulnerability in Openldap 2.3.39 | slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698. | 4.0 |
2008-02-01 | CVE-2007-6698 | Resource Management Errors vulnerability in Openldap 2.0 | The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability. | 4.0 |
2006-12-13 | CVE-2006-6493 | Remote Security vulnerability in OpenLDAP | Buffer overflow in the krbv4_ldap_auth function in servers/slapd/kerberos.c in OpenLDAP 2.4.3 and earlier, when OpenLDAP is compiled with the --enable-kbind (Kerberos KBIND) option, allows remote attackers to execute arbitrary code via an LDAP bind request using the LDAP_AUTH_KRBV41 authentication method and long credential data. | 5.1 |
2006-06-01 | CVE-2006-2754 | Remote Security vulnerability in OpenLDAP | Stack-based buffer overflow in st.c in slurpd for OpenLDAP before 2.3.22 might allow attackers to execute arbitrary code via a long hostname. | 5.0 |
2004-12-31 | CVE-2004-1880 | Denial-Of-Service vulnerability in OpenLDAP | Memory leak in the back-bdb backend for OpenLDAP 2.1.12 and earlier allows remote attackers to cause a denial of service (memory consumption). | 5.0 |
2001-07-16 | CVE-2001-0977 | Denial of Service vulnerability in OpenLDAP | slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field. | 5.0 |
2000-10-20 | CVE-2000-0748 | Unspecified vulnerability in Openldap | OpenLDAP 1.2.11 and earlier improperly installs the ud binary with group write permissions, which could allow any user in that group to replace the binary with a Trojan horse. | 4.6 |