Debian Libnss-Ldap vulnerabilities
5 known vulnerabilities affecting debian/libnss-ldap.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL: 1, HIGH: 1, MEDIUM: 2, LOW: 1
Vulnerabilities
CVE-2007-5794 | MEDIUM | CVSS 4.3 | fixed in libnss-ldap 256-1 (bullseye) | 2007
CVE-2007-5794 [MEDIUM] CVE-2007-5794: libnss-ldap - Race condition in nss_ldap, when used in applications that are linked against th...
Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affec
CVE-2005-2069 | MEDIUM | CVSS 5.0 | fixed in libnss-ldap 238-1.1 (bullseye) | 2005
CVE-2005-2069 [MEDIUM] CVE-2005-2069: libnss-ldap - pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using T...
pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, do not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.
Scope: local
bullseye: resolved (fixed in 238-1.1)
CVE-2005-2377 | LOW | CVSS 5.0 | 2005
CVE-2005-2377 [MEDIUM] CVE-2005-2377: libnss-ldap - nss_ldap 181 to versions before 213, as used in Mandrake Corporate Server and Ma...
nss_ldap 181 to versions before 213, as used in Mandrake Corporate Server and Mandrake 10.0, and other operating systems, does not properly handle a SIGPIPE signal when sending a search request to an LDAP directory server, which might allow remote attackers to cause a denial of service (crond and other application crash) if they can cause an LDAP server to becom
CVE-2003-0734 | CRITICAL | CVSS 10.0 | fixed in libnss-ldap 207-1 (bullseye) | 2003
CVE-2003-0734 [CRITICAL] CVE-2003-0734: libnss-ldap - Unknown vulnerability in the pam_filter mechanism in pam_ldap before version 162...
Unknown vulnerability in the pam_filter mechanism in pam_ldap before version 162, when LDAP based authentication is being used, allows users to bypass host-based access restrictions and log onto the system.
Scope: local
bullseye: resolved (fixed in 207-1)
CVE-2002-0825 | HIGH | CVSS 7.5 | fixed in libnss-ldap 199-1 (bullseye) | 2002
CVE-2002-0825 [HIGH] CVE-2002-0825: libnss-ldap - Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 allows remo...
Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 allows remote attackers to cause a denial of service and possibly execute arbitrary code.
Scope: local
bullseye: resolved (fixed in 199-1)