Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2006-2754
Last Modified: 07 Mar 2011 09:36:57
Published: 01 Jun 2006 01:02:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2006-2754

Summary

Stack-based buffer overflow in st.c in slurpd for OpenLDAP before 2.3.22 might allow attackers to execute arbitrary code via a long hostname.

Vulnerable Systems

Application

  • OpenLDAP 2.2.1
  • OpenLDAP 2.2.11
  • OpenLDAP 2.2.12
  • OpenLDAP 2.2.13
  • OpenLDAP 2.2.14
  • OpenLDAP 2.2.15
  • OpenLDAP 2.2.16
  • OpenLDAP 2.2.17
  • OpenLDAP 2.2.18
  • OpenLDAP 2.2.19
  • OpenLDAP 2.2.20
  • OpenLDAP 2.2.21

References

OPENPKG - OpenPKG-SA-2006.008

CONFIRM - http://www.openldap.org/software/release/changes.html

CONFIRM - http://www.openldap.org/devel/cvsweb.cgi/servers/slurpd/st.c?hideattic=1&sortbydate=0#rev1.22

CONFIRM - http://www.openldap.org/devel/cvsweb.cgi/servers/slurpd/st.c.diff?r1=1.21&r2=1.22&hideattic=1&sortbydate=0&f=h

SECUNIA - 20126

VUPEN - ADV-2006-1921

OSVDB - 25659

UBUNTU - USN-305-1

BUGTRAQ - 20060609 rPSA-2006-0099-1 openldap openldap-clients openldap-servers

MANDRIVA - MDKSA-2006:096

GENTOO - GLSA-200606-17

SECUNIA - 20848

SECUNIA - 20685

SECUNIA - 20495


Last Updated: 27 May 2016 10:42:44