CVE-2006-5779

OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://gleg.net/downloads/VULNDISCO_META_FREE.tar.gz	Broken Link Exploit
http://gleg.net/vulndisco_meta.shtml	Broken Link Exploit
http://secunia.com/advisories/22750	Broken Link Vendor Advisory
http://secunia.com/advisories/22953	Broken Link Vendor Advisory
http://secunia.com/advisories/22996	Broken Link Vendor Advisory
http://secunia.com/advisories/23125	Broken Link Vendor Advisory
http://secunia.com/advisories/23133	Broken Link Vendor Advisory
http://secunia.com/advisories/23152	Broken Link Vendor Advisory
http://secunia.com/advisories/23170	Broken Link Vendor Advisory
http://security.gentoo.org/glsa/glsa-200611-25.xml	Third Party Advisory
http://securityreason.com/securityalert/1831	Broken Link
http://securitytracker.com/id?1017166	Broken Link Exploit Third Party Advisory VDB Entry
http://www.mandriva.com/security/advisories?name=MDKSA-2006:208	Broken Link
http://www.novell.com/linux/security/advisories/2006_72_openldap2.html	Broken Link
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4740	Exploit Issue Tracking
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.033-openldap.html	Broken Link
http://www.securityfocus.com/archive/1/450728/100/0/threaded	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/20939	Broken Link Exploit Third Party Advisory VDB Entry
http://www.trustix.org/errata/2006/0066/	Broken Link
http://www.ubuntu.com/usn/usn-384-1	Third Party Advisory
http://www.vupen.com/english/advisories/2006/4379	Broken Link Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/30076	Third Party Advisory VDB Entry
https://issues.rpath.com/browse/RPL-820	Broken Link

Configurations

Configuration 1 (hide)

cpe:2.3:a:openldap:openldap:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:5.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::*

History

08 Feb 2024, 02:20

Type	Values Removed	Values Added
References	~~() http://gleg.net/downloads/VULNDISCO_META_FREE.tar.gz - Exploit~~	() http://gleg.net/downloads/VULNDISCO_META_FREE.tar.gz - Broken Link, Exploit
References	~~() http://gleg.net/vulndisco_meta.shtml - Exploit~~	() http://gleg.net/vulndisco_meta.shtml - Broken Link, Exploit
References	~~() http://secunia.com/advisories/22750 - Vendor Advisory~~	() http://secunia.com/advisories/22750 - Broken Link, Vendor Advisory
References	~~() http://secunia.com/advisories/22953 - Vendor Advisory~~	() http://secunia.com/advisories/22953 - Broken Link, Vendor Advisory
References	~~() http://secunia.com/advisories/22996 - Vendor Advisory~~	() http://secunia.com/advisories/22996 - Broken Link, Vendor Advisory
References	~~() http://secunia.com/advisories/23125 - Vendor Advisory~~	() http://secunia.com/advisories/23125 - Broken Link, Vendor Advisory
References	~~() http://secunia.com/advisories/23133 - Vendor Advisory~~	() http://secunia.com/advisories/23133 - Broken Link, Vendor Advisory
References	~~() http://secunia.com/advisories/23152 - Vendor Advisory~~	() http://secunia.com/advisories/23152 - Broken Link, Vendor Advisory
References	~~() http://secunia.com/advisories/23170 - Vendor Advisory~~	() http://secunia.com/advisories/23170 - Broken Link, Vendor Advisory
References	~~() http://security.gentoo.org/glsa/glsa-200611-25.xml -~~	() http://security.gentoo.org/glsa/glsa-200611-25.xml - Third Party Advisory
References	~~() http://securityreason.com/securityalert/1831 -~~	() http://securityreason.com/securityalert/1831 - Broken Link
References	~~() http://securitytracker.com/id?1017166 - Exploit~~	() http://securitytracker.com/id?1017166 - Broken Link, Exploit, Third Party Advisory, VDB Entry
References	~~() http://www.mandriva.com/security/advisories?name=MDKSA-2006:208 -~~	() http://www.mandriva.com/security/advisories?name=MDKSA-2006:208 - Broken Link
References	~~() http://www.novell.com/linux/security/advisories/2006_72_openldap2.html -~~	() http://www.novell.com/linux/security/advisories/2006_72_openldap2.html - Broken Link
References	~~() http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4740 -~~	() http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4740 - Exploit, Issue Tracking
References	~~() http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.033-openldap.html -~~	() http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.033-openldap.html - Broken Link
References	~~() http://www.securityfocus.com/archive/1/450728/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/450728/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://www.securityfocus.com/bid/20939 - Exploit~~	() http://www.securityfocus.com/bid/20939 - Broken Link, Exploit, Third Party Advisory, VDB Entry
References	~~() http://www.trustix.org/errata/2006/0066/ -~~	() http://www.trustix.org/errata/2006/0066/ - Broken Link
References	~~() http://www.ubuntu.com/usn/usn-384-1 -~~	() http://www.ubuntu.com/usn/usn-384-1 - Third Party Advisory
References	~~() http://www.vupen.com/english/advisories/2006/4379 - Vendor Advisory~~	() http://www.vupen.com/english/advisories/2006/4379 - Broken Link, Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/30076 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/30076 - Third Party Advisory, VDB Entry
References	~~() https://issues.rpath.com/browse/RPL-820 -~~	() https://issues.rpath.com/browse/RPL-820 - Broken Link
First Time		Canonical ubuntu Linux Canonical
CVSS	v2 : ~~5.0~~ v3 : ~~unknown~~	v2 : 5.0 v3 : 7.5
CPE	cpe:2.3:a:openldap:openldap:2.1.11:::::::* cpe:2.3:a:openldap:openldap:2.0.6:::::::* cpe:2.3:a:openldap:openldap:2.1.16:::::::* cpe:2.3:a:openldap:openldap:2.0:::::::* cpe:2.3:a:openldap:openldap:1.1.4:::::::* cpe:2.3:a:openldap:openldap:1.0.1:::::::* cpe:2.3:a:openldap:openldap:1.2.3:::::::* cpe:2.3:a:openldap:openldap:2.1.13:::::::* cpe:2.3:a:openldap:openldap:2.3.14:::::::* cpe:2.3:a:openldap:openldap:1.2.7:::::::* cpe:2.3:a:openldap:openldap:1.2.1:::::::* cpe:2.3:a:openldap:openldap:2.1.10:::::::* cpe:2.3:a:openldap:openldap:2.2.0:::::::* cpe:2.3:a:openldap:openldap:2.3.26:::::::* cpe:2.3:a:openldap:openldap:2.1.30:::::::* cpe:2.3:a:openldap:openldap:1.2.11:::::::* cpe:2.3:a:openldap:openldap:2.0.2:::::::* cpe:2.3:a:openldap:openldap:2.3.22:::::::* cpe:2.3:a:openldap:openldap:2.3.23:::::::* cpe:2.3:a:openldap:openldap:1.2.0:::::::* cpe:2.3:a:openldap:openldap:2.1.9:::::::* cpe:2.3:a:openldap:openldap:2.0.20:::::::* cpe:2.3:a:openldap:openldap:2.3.27:::::::* cpe:2.3:a:openldap:openldap:2.0.9:::::::* cpe:2.3:a:openldap:openldap:2.2.25:::::::* cpe:2.3:a:openldap:openldap:2.1.20:::::::* cpe:2.3:a:openldap:openldap:2.1.4:::::::* cpe:2.3:a:openldap:openldap:1.2.12:::::::* cpe:2.3:a:openldap:openldap:2.2.24:::::::* cpe:2.3:a:openldap:openldap:2.1.17:::::::* cpe:2.3:a:openldap:openldap:1.2.5:::::::* cpe:2.3:a:openldap:openldap:2.1.22:::::::* cpe:2.3:a:openldap:openldap:2.0.27:::::::* cpe:2.3:a:openldap:openldap:2.0.1:::::::* cpe:2.3:a:openldap:openldap:2.0.23:::::::* cpe:2.3:a:openldap:openldap:2.1.7:::::::* cpe:2.3:a:openldap:openldap:2.3.13:::::::* cpe:2.3:a:openldap:openldap:2.2.10:::::::* cpe:2.3:a:openldap:openldap:1.2.2:::::::* cpe:2.3:a:openldap:openldap:2.3.10:::::::* cpe:2.3:a:openldap:openldap:2.2.17:::::::* cpe:2.3:a:openldap:openldap:2.0.22:::::::* cpe:2.3:a:openldap:openldap:2.0.24:::::::* cpe:2.3:a:openldap:openldap:2.1.19:::::::* cpe:2.3:a:openldap:openldap:2.0.14:::::::* cpe:2.3:a:openldap:openldap:2.2.6:::::::* cpe:2.3:a:openldap:openldap:2.3.12:::::::* cpe:2.3:a:openldap:openldap:1.1.2:::::::* cpe:2.3:a:openldap:openldap:2.3.18:::::::* cpe:2.3:a:openldap:openldap:1.1:::::::* cpe:2.3:a:openldap:openldap:2.3.17:::::::* cpe:2.3:a:openldap:openldap:2.0.12:::::::* cpe:2.3:a:openldap:openldap:2.1.25:::::::* cpe:2.3:a:openldap:openldap:2.2.16:::::::* cpe:2.3:a:openldap:openldap:2.0.10:::::::* cpe:2.3:a:openldap:openldap:2.3.25:::::::* cpe:2.3:a:openldap:openldap:2.0.5:::::::* cpe:2.3:a:openldap:openldap:2.2.12:::::::* cpe:2.3:a:openldap:openldap:2.2.27:::::::* cpe:2.3:a:openldap:openldap:1.1.1:::::::* cpe:2.3:a:openldap:openldap:1.0.3:::::::* cpe:2.3:a:openldap:openldap:2.3.15:::::::* cpe:2.3:a:openldap:openldap:2.3.16:::::::* cpe:2.3:a:openldap:openldap:2.0.11:::::::* cpe:2.3:a:openldap:openldap:2.2.19:::::::* cpe:2.3:a:openldap:openldap:2.1.5:::::::* cpe:2.3:a:openldap:openldap:2.0.13:::::::* cpe:2.3:a:openldap:openldap:2.2.9:::::::* cpe:2.3:a:openldap:openldap:2.2.5:::::::* cpe:2.3:a:openldap:openldap:2.0.16:::::::* cpe:2.3:a:openldap:openldap:2.0.3:::::::* cpe:2.3:a:openldap:openldap:1.2.13:::::::* cpe:2.3:a:openldap:openldap:2.2.15:::::::* cpe:2.3:a:openldap:openldap:2.2.13:::::::* cpe:2.3:a:openldap:openldap:2.2.7:::::::* cpe:2.3:a:openldap:openldap:2.1.14:::::::* cpe:2.3:a:openldap:openldap:2.2.1:::::::* cpe:2.3:a:openldap:openldap:1.2.8:::::::* cpe:2.3:a:openldap:openldap:2.1.15:::::::* cpe:2.3:a:openldap:openldap:2.1.21:::::::* cpe:2.3:a:openldap:openldap:2.0.7:::::::* cpe:2.3:a:openldap:openldap:2.1.8:::::::* cpe:2.3:a:openldap:openldap:2.1.18:::::::* cpe:2.3:a:openldap:openldap:1.2.9:::::::* cpe:2.3:a:openldap:openldap:2.1.28:::::::* cpe:2.3:a:openldap:openldap:2.0.4:::::::* cpe:2.3:a:openldap:openldap:2.3.24:::::::* cpe:2.3:a:openldap:openldap:2.2.14:::::::* cpe:2.3:a:openldap:openldap:2.0.18:::::::* cpe:2.3:a:openldap:openldap:1.1.0:::::::* cpe:2.3:a:openldap:openldap:2.1.23:::::::* cpe:2.3:a:openldap:openldap:1.0.2:::::::* cpe:2.3:a:openldap:openldap:2.2.11:::::::* cpe:2.3:a:openldap:openldap:2.0.8:::::::* cpe:2.3:a:openldap:openldap:1.1.3:::::::* cpe:2.3:a:openldap:openldap:2.0.17:::::::* cpe:2.3:a:openldap:openldap:2.0.21:::::::* cpe:2.3:a:openldap:openldap:2.1.6:::::::* cpe:2.3:a:openldap:openldap:2.2.23:::::::* cpe:2.3:a:openldap:openldap:2.1.3:::::::* cpe:2.3:a:openldap:openldap:1.2.6:::::::* cpe:2.3:a:openldap:openldap:2.0.26:::::::* cpe:2.3:a:openldap:openldap:2.1.24:::::::* cpe:2.3:a:openldap:openldap:2.3.20:::::::* cpe:2.3:a:openldap:openldap:2.1.2:::::::* cpe:2.3:a:openldap:openldap:1.2:::::::* cpe:2.3:a:openldap:openldap:2.1.27:::::::* cpe:2.3:a:openldap:openldap:2.1.12:::::::* cpe:2.3:a:openldap:openldap:2.3.19:::::::* cpe:2.3:a:openldap:openldap:2.2.26:::::::* cpe:2.3:a:openldap:openldap:2.3.21:::::::* cpe:2.3:a:openldap:openldap:2.2.21:::::::* cpe:2.3:a:openldap:openldap:2.0.0:::::::* cpe:2.3:a:openldap:openldap:2.2.8:::::::* cpe:2.3:a:openldap:openldap:2.2.22:::::::* cpe:2.3:a:openldap:openldap:2.1.26:::::::* cpe:2.3:a:openldap:openldap:2.1.29:::::::* cpe:2.3:a:openldap:openldap:2.0.19:::::::* cpe:2.3:a:openldap:openldap:2.0.15:::::::* cpe:2.3:a:openldap:openldap:2.3.11:::::::* cpe:2.3:a:openldap:openldap:1.2.4:::::::* cpe:2.3:a:openldap:openldap:1.0:::::::* cpe:2.3:a:openldap:openldap:2.0.25:::::::* cpe:2.3:a:openldap:openldap:2.2.18:::::::* cpe:2.3:a:openldap:openldap:1.2.10:::::::* cpe:2.3:a:openldap:openldap:2.2.20:::::::* cpe:2.3:a:openldap:openldap:2.2.4:::::::*	cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::* cpe:2.3:o:canonical:ubuntu_linux:5.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::*
CWE	~~CWE-399~~	CWE-617

Information

Published : 2006-11-07 18:07

Updated : 2024-02-08 02:20

NVD link : CVE-2006-5779

Mitre link : CVE-2006-5779

CVE.ORG link : CVE-2006-5779

JSON object : View

Products Affected

openldap

openldap

canonical

ubuntu_linux

CWE

CWE-617

Reachable Assertion

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2006-5779

7.5^/10

5.0^/10

Attach tags to `CVE-2006-5779`