CVE-2015-6908
published 2015-09-11CVE-2015-6908: The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion…
PriorityP335medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
19.98%
97.1th percentile
The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | <= 10.11.1 | — |
| apple | os_x_el_capitan_10.11.2_security_update_2015-005_yosemite_and_security_update_20 | — | — |
| debian | openldap | < openldap 2.4.42+dfsg-2 (bookworm) | openldap 2.4.42+dfsg-2 (bookworm) |
| openldap | openldap | <= 2.4.42 | — |
| openldap | openldap | >= 0 < 2.4.42+dfsg-2 | 2.4.42+dfsg-2 |
| openldap | openldap | >= 0 < 2.4.42+dfsg-2 | 2.4.42+dfsg-2 |
| openldap | openldap | >= 0 < 2.4.42+dfsg-2 | 2.4.42+dfsg-2 |
| openldap | openldap | >= 0 < 2.4.42+dfsg-2 | 2.4.42+dfsg-2 |
| openldap | openldap | >= 0 < 2.4.31-1+nmu2ubuntu8.2 | 2.4.31-1+nmu2ubuntu8.2 |
Detection & IOCsextracted from sources · hover to see the quote
bytes↗
ff 84 84 84 84 84 77 83
- →Crash triggered in ber_get_next() at io.c:682 via assertion `0' failed — monitor slapd for SIGABRT/assertion failures in ber_get_next ↗
- →Attack targets slapd over LDAP (ldap:///); crafted BER packet begins with byte sequence ff 84 84 84 84 84 77 83 followed by 0a — inspect LDAP traffic for malformed BER length encodings ↗
- →Fix commit is 6fe51a9ab04fd28bbc171da3cf12f1c1040d6629 in git://git.openldap.org/openldap.git — absence of this commit indicates a vulnerable installation ↗
- ·Vulnerability affects OpenLDAP 2.4.42 and all earlier versions; slapd is the targeted daemon ↗
- ·Red Hat Enterprise Linux 4 will not receive a fix for this CVE ↗
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM
vendor_debian5.0MEDIUM
vendor_redhat5.0MEDIUM
vendor_ubuntu4.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-436x-9fhf-jq78: The ber_get_next function in libraries/liblber/io
ghsa_unreviewed·2022-05-17
CVE-2015-6908 [MEDIUM] CWE-20 GHSA-436x-9fhf-jq78: The ber_get_next function in libraries/liblber/io
The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.
OSV
openldap vulnerabilities
osv·2015-09-16·CVSS 4.0
CVE-2015-6908 [MEDIUM] openldap vulnerabilities
openldap vulnerabilities
Denis Andzakovic discovered that OpenLDAP incorrectly handled certain BER
data. A remote attacker could possibly use this issue to cause OpenLDAP to
crash, resulting in a denial of service. (CVE-2015-6908)
Dietrich Clauss discovered that the OpenLDAP package incorrectly shipped
with a potentially unsafe default access control configuration. Depending
on how the database is configure, this may allow users to impersonate
others by modifying attributes such as their Unix user and group numbers.
(CVE-2014-9713)
OSV
CVE-2015-6908: The ber_get_next function in libraries/liblber/io
osv·2015-09-11·CVSS 5.0
CVE-2015-6908 [MEDIUM] CVE-2015-6908: The ber_get_next function in libraries/liblber/io
The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.
Ubuntu
OpenLDAP vulnerabilities
vendor_ubuntu·2015-09-16·CVSS 4.0
CVE-2014-9713 [MEDIUM] OpenLDAP vulnerabilities
Title: OpenLDAP vulnerabilities
Summary: Several security issues were fixed in OpenLDAP.
Denis Andzakovic discovered that OpenLDAP incorrectly handled certain BER
data. A remote attacker could possibly use this issue to cause OpenLDAP to
crash, resulting in a denial of service. (CVE-2015-6908)
Dietrich Clauss discovered that the OpenLDAP package incorrectly shipped
with a potentially unsafe default access control configuration. Depending
on how the database is configure, this may allow users to impersonate
others by modifying attributes such as their Unix user and group numbers.
(CVE-2014-9713)
Instructions: In general, a standard system update will make all the necessary changes.
For existing installations, access rules that begin with "to *" need to be
manually adjusted to remove an
Red Hat
openldap: ber_get_next denial of service vulnerability
vendor_redhat·2015-09-09·CVSS 5.0
CVE-2015-6908 [MEDIUM] CWE-20 openldap: ber_get_next denial of service vulnerability
openldap: ber_get_next denial of service vulnerability
The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.
A flaw was found in the way the OpenLDAP server daemon (slapd) parsed certain Basic Encoding Rules (BER) data. A remote attacker could use this flaw to crash slapd via a specially crafted packet.
Package: openldap (Red Hat Enterprise Linux 4) - Will not fix
Debian
CVE-2015-6908: openldap - The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earli...
vendor_debian·2015·CVSS 5.0
CVE-2015-6908 [MEDIUM] CVE-2015-6908: openldap - The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earli...
The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.
Scope: local
bookworm: resolved (fixed in 2.4.42+dfsg-2)
bullseye: resolved (fixed in 2.4.42+dfsg-2)
forky: resolved (fixed in 2.4.42+dfsg-2)
sid: resolved (fixed in 2.4.42+dfsg-2)
trixie: resolved (fixed in 2.4.42+dfsg-2)
Apple
CVE-2015-6908: OS X El Capitan 10.11.2, Security Update 2015-005 Yosemite, and Security Update 2015-008 Mavericks
vendor_apple·CVSS 5.0
CVE-2015-6908 [MEDIUM] CVE-2015-6908: OS X El Capitan 10.11.2, Security Update 2015-005 Yosemite, and Security Update 2015-008 Mavericks
Apple Security Update: About the security content of OS X El Capitan 10.11.2, Security Update 2015-005 Yosemite, and Security Update 2015-008 Mavericks
Product: OS X El Capitan 10.11.2, Security Update 2015-005 Yosemite, and Security Update 2015-008 Mavericks
CVE: CVE-2015-6908
Component: CVE-2015-6908
No detection rules found.
http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.htmlhttp://rhn.redhat.com/errata/RHSA-2015-1840.htmlhttp://www.debian.org/security/2015/dsa-3356http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commit%3Bh=6fe51a9ab04fd28bbc171da3cf12f1c1040d6629http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlhttp://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlhttp://www.security-assessment.com/files/documents/advisory/OpenLDAP-ber_get_next-Denial-of-Service.pdfhttp://www.securityfocus.com/bid/76714http://www.securitytracker.com/id/1033534http://www.ubuntu.com/usn/USN-2742-1https://support.apple.com/HT205637http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.htmlhttp://rhn.redhat.com/errata/RHSA-2015-1840.htmlhttp://www.debian.org/security/2015/dsa-3356http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commit%3Bh=6fe51a9ab04fd28bbc171da3cf12f1c1040d6629http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlhttp://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlhttp://www.security-assessment.com/files/documents/advisory/OpenLDAP-ber_get_next-Denial-of-Service.pdfhttp://www.securityfocus.com/bid/76714http://www.securitytracker.com/id/1033534http://www.ubuntu.com/usn/USN-2742-1https://support.apple.com/HT205637
2015-09-11
Published