CVE-2006-5779
published 2006-11-07CVE-2006-5779: OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an…
PriorityP342high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
75.37%
99.5th percentile
OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| openldap | openldap | < 2.3.29 | 2.3.29 |
Detection & IOCsextracted from sources · hover to see the quote
- →Target LDAP BIND requests containing abnormally long authcid (authentication identity) names, which trigger an assertion failure and crash the OpenLDAP daemon ↗
- →Monitor for unexpected OpenLDAP daemon (slapd) crashes or aborts following receipt of BIND requests, as the assert causes program abort ↗
- ·Red Hat Enterprise Linux 4 and earlier are NOT vulnerable as they do not contain the vulnerable code path; RHEL 5 is also not vulnerable due to a backported patch — do not apply detection effort to these platforms ↗
- ·Only OpenLDAP versions prior to 2.3.29 are vulnerable; systems running 2.3.29 or later are not affected ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
OpenLDAP vulnerability
vendor_ubuntu·2006-11-21
CVE-2006-5779 OpenLDAP vulnerability
Title: OpenLDAP vulnerability
Summary: OpenLDAP vulnerability
Evgeny Legerov discovered that the OpenLDAP libraries did not correctly
truncate authcid names. This situation would trigger an assert and
abort the program using the libraries. A remote attacker could send
specially crafted bind requests that would lead to an LDAP server denial
of service.
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
CVE-2006-5779: OpenLDAP before 2
vendor_redhat·CVSS 7.5
CVE-2006-5779 [HIGH] CVE-2006-5779: OpenLDAP before 2
OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.
Statement: Not Vulnerable. The OpenLDAP versions shipped with Red Hat Enterprise Linux 4 and earlier do not contain the vulnerable code in question. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
GHSA
GHSA-5794-fx2j-p63j: OpenLDAP before 2
ghsa_unreviewed·2022-05-01
CVE-2006-5779 [MEDIUM] CWE-617 GHSA-5794-fx2j-p63j: OpenLDAP before 2
OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://gleg.net/downloads/VULNDISCO_META_FREE.tar.gzhttp://gleg.net/vulndisco_meta.shtmlhttp://secunia.com/advisories/22750http://secunia.com/advisories/22953http://secunia.com/advisories/22996http://secunia.com/advisories/23125http://secunia.com/advisories/23133http://secunia.com/advisories/23152http://secunia.com/advisories/23170http://security.gentoo.org/glsa/glsa-200611-25.xmlhttp://securityreason.com/securityalert/1831http://securitytracker.com/id?1017166http://www.mandriva.com/security/advisories?name=MDKSA-2006:208http://www.novell.com/linux/security/advisories/2006_72_openldap2.htmlhttp://www.openldap.org/its/index.cgi/Software%20Bugs?id=4740http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.033-openldap.htmlhttp://www.securityfocus.com/archive/1/450728/100/0/threadedhttp://www.securityfocus.com/bid/20939http://www.trustix.org/errata/2006/0066/http://www.ubuntu.com/usn/usn-384-1http://www.vupen.com/english/advisories/2006/4379https://exchange.xforce.ibmcloud.com/vulnerabilities/30076https://issues.rpath.com/browse/RPL-820http://gleg.net/downloads/VULNDISCO_META_FREE.tar.gzhttp://gleg.net/vulndisco_meta.shtmlhttp://secunia.com/advisories/22750http://secunia.com/advisories/22953http://secunia.com/advisories/22996http://secunia.com/advisories/23125http://secunia.com/advisories/23133http://secunia.com/advisories/23152http://secunia.com/advisories/23170http://security.gentoo.org/glsa/glsa-200611-25.xmlhttp://securityreason.com/securityalert/1831http://securitytracker.com/id?1017166http://www.mandriva.com/security/advisories?name=MDKSA-2006:208http://www.novell.com/linux/security/advisories/2006_72_openldap2.htmlhttp://www.openldap.org/its/index.cgi/Software%20Bugs?id=4740http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.033-openldap.htmlhttp://www.securityfocus.com/archive/1/450728/100/0/threadedhttp://www.securityfocus.com/bid/20939http://www.trustix.org/errata/2006/0066/http://www.ubuntu.com/usn/usn-384-1http://www.vupen.com/english/advisories/2006/4379https://exchange.xforce.ibmcloud.com/vulnerabilities/30076https://issues.rpath.com/browse/RPL-820
2006-11-07
Published