CVE-2006-1470
Published 2006-06-27
Priority: P4 · 23 · medium · 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 8.04% (94.1th percentile)
OpenLDAP in Apple Mac OS X 10.4 up to 10.4.6 allows remote attackers to cause a denial of service (crash) via an invalid LDAP request that triggers an assert error.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x_server | — | — |
| apple | mac_os_x_server | — | — |
| apple | mac_os_x_server | — | — |
| apple | mac_os_x_server | — | — |
| apple | mac_os_x_server | — | — |
| apple | mac_os_x_server | — | — |
| apple | mac_os_x_server | — | — |
No detection rules found.
Bugzilla
CVE-2006-1470 OpenLDAP Denial of Service
bugzilla·2006-08-15·CVSS 5.0
Needed for FC6
+++ This bug was initially created as a clone of Bug #197278 +++
OpenLDAP Denial of Service
A denial of service bug was found in the way OpenLDAP processes
certain messages. It is possible for an unauthenticated remote
attacker to crash the OpenLDAP slapd server.
The original advisories are here:
http://labs.musecurity.com/advisories/MU-200606-02.txt
http://lists.apple.com/archives/security-announce/2006/Jun/msg00000.html
This issue also affects FC4
-- Additional comment from [email protected] on 2006-08-15 10:39 EST --
Mu Security reported a denial-of-service vulnerability in Mac OS X's
OpenLDAP slapd. The issue was caused by assertions in the message
processing code--- some "default:" labels were handled with "assert()".
This
Bugzilla
CVE-2006-1470 OpenLDAP Denial of Service
bugzilla·2006-06-29·CVSS 5.0
OpenLDAP Denial of Service
A denial of service bug was found in the way OpenLDAP processes
certain messages. It is possible for an unauthenticated remote
attacker to crash the OpenLDAP slapd server.
The original advisories are here:
http://labs.musecurity.com/advisories/MU-200606-02.txt
http://lists.apple.com/archives/security-announce/2006/Jun/msg00000.html
This issue also affects FC4
Discussion:
openldap-2.3.30-2.fc5 has been pushed for fc5, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.
References
http://lists.apple.com/archives/security-announce/2006/Jun/msg00000.html
http://secunia.com/advisories/20877
http://securitytracker.com/id?1016396
http://www.kb.cert.org/vuls/id/652196
http://www.osvdb.org/26932
http://www.securityfocus.com/bid/18686
http://www.securityfocus.com/bid/18728
http://www.vupen.com/english/advisories/2006/2566
https://exchange.xforce.ibmcloud.com/vulnerabilities/27480
Published: 2006-06-27