CVE-2015-6908
published 2015-09-11


Priority: P3 · 35 · medium · 5 · CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 19.98% (97.1th percentile)
The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.

Affected

9 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| apple | mac_os_x | <= 10.11.1 | |
| apple | os_x_el_capitan_10.11.2_security_update_2015-005_yosemite_and_security_update_20 | | |
| debian | openldap | < openldap 2.4.42+dfsg-2 (bookworm) | openldap 2.4.42+dfsg-2 (bookworm) |
| openldap | openldap | <= 2.4.42 | |
| openldap | openldap | >= 0 < 2.4.42+dfsg-2 | 2.4.42+dfsg-2 |
| openldap | openldap | >= 0 < 2.4.42+dfsg-2 | 2.4.42+dfsg-2 |
| openldap | openldap | >= 0 < 2.4.42+dfsg-2 | 2.4.42+dfsg-2 |
| openldap | openldap | >= 0 < 2.4.42+dfsg-2 | 2.4.42+dfsg-2 |
| openldap | openldap | >= 0 < 2.4.31-1+nmu2ubuntu8.2 | 2.4.31-1+nmu2ubuntu8.2 |

Detection & IOCs (extracted from sources)

path: libraries/liblber/io.c
bytes: ff 84 84 84 84 84 77 83
  • Crash triggered in ber_get_next() at io.c:682 via assertion `0' failed — monitor slapd for SIGABRT/assertion failures in ber_get_next
  • Attack targets slapd over LDAP (ldap:///); crafted BER packet begins with byte sequence ff 84 84 84 84 84 77 83 followed by 0a — inspect LDAP traffic for malformed BER length encodings
  • Fix commit is 6fe51a9ab04fd28bbc171da3cf12f1c1040d6629 in git://git.openldap.org/openldap.git — absence of this commit indicates a vulnerable installation
  • Vulnerability affects OpenLDAP 2.4.42 and all earlier versions; slapd is the targeted daemon
  • Red Hat Enterprise Linux 4 will not receive a fix for this CVE

CVSS provenance

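| Source | CVSS version | Score | Severity | Vector |
| --- | --- | --- | --- | --- |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | | 5.0 | MEDIUM | |
| vendor_debian | | 5.0 | MEDIUM | |
| vendor_redhat | | 5.0 | MEDIUM | |
| vendor_ubuntu | | 4.0 | MEDIUM | |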