Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2015-1545
Last Modified: 25 Aug 2015 10:00:45
Published: 12 Feb 2015 11:59:06
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2015-1545

Summary

The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request.

Vulnerable Systems

Application

  • OpenLDAP 2.4.13
  • OpenLDAP 2.4.14
  • OpenLDAP 2.4.15
  • OpenLDAP 2.4.16
  • OpenLDAP 2.4.17
  • OpenLDAP 2.4.18
  • OpenLDAP 2.4.19
  • OpenLDAP 2.4.20
  • OpenLDAP 2.4.21
  • OpenLDAP 2.4.22
  • OpenLDAP 2.4.23
  • OpenLDAP 2.4.24
  • OpenLDAP 2.4.25
  • OpenLDAP 2.4.26
  • OpenLDAP 2.4.27
  • OpenLDAP 2.4.28
  • OpenLDAP 2.4.29
  • OpenLDAP 2.4.30
  • OpenLDAP 2.4.31
  • OpenLDAP 2.4.32
  • OpenLDAP 2.4.33
  • OpenLDAP 2.4.34
  • OpenLDAP 2.4.35
  • OpenLDAP 2.4.36
  • OpenLDAP 2.4.37
  • OpenLDAP 2.4.38
  • OpenLDAP 2.4.39
  • OpenLDAP 2.4.40


References

CONFIRM - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776988

BID - 72519

MLIST - [oss-security] 20150207 Re: CVE request: two OpenLDAP DoS issues

CONFIRM - http://www.openldap.org/its/?findid=8027

CONFIRM - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=c32e74763f77675b9e144126e375977ed6dc562c

SECUNIA - 62787

XF - openldap-cve20151545-dos(100937)

MANDRIVA - MDVSA-2015:074

MANDRIVA - MDVSA-2015:073

DEBIAN - DSA-3209

CONFIRM - https://support.apple.com/HT204659

APPLE - APPLE-SA-2015-04-08-2

SUSE - openSUSE-SU-2015:1325

Related Patches

Apple 2015-004 Security Update for Mac OS X 10.8.5 (HT204659)

Apple 2015-004 Security Update for Mac OS X 10.9.5 (HT204659)

Apple Yosemite 10.10.3 Update (Combo) for Mac OS X (HT204659)

Apple Yosemite 10.10.3 Update for Mac OS X (HT204659)


Last Updated: 27 May 2016 11:07:49