Vulnerability-Lookup

CVE-2007-6698 (GCVE-0-2007-6698)

Vulnerability from cvelistv5 – Published: 2008-02-02 02:00 – Updated: 2024-08-07 16:18

Summary

The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://secunia.com/advisories/29225	third-party-advisoryx_refsource_SECUNIA
	http://www.securitytracker.com/id?1019480	vdb-entryx_refsource_SECTRACK
	http://www.openldap.org/lists/openldap-bugs/20070…	mailing-listx_refsource_MLIST
	http://secunia.com/advisories/28817	third-party-advisoryx_refsource_SECUNIA
	http://wiki.rpath.com/Advisories:rPSA-2008-0059	x_refsource_CONFIRM
	http://secunia.com/advisories/29682	third-party-advisoryx_refsource_SECUNIA
	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0059	x_refsource_CONFIRM
	http://secunia.com/advisories/29256	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/488242/100…	mailing-listx_refsource_BUGTRAQ
	https://bugzilla.redhat.com/show_bug.cgi?id=431203	x_refsource_CONFIRM
	http://secunia.com/advisories/29068	third-party-advisoryx_refsource_SECUNIA
	http://www.ubuntu.com/usn/usn-584-1	vendor-advisoryx_refsource_UBUNTU
	http://www.redhat.com/support/errata/RHSA-2008-01…	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/28953	third-party-advisoryx_refsource_SECUNIA
	http://www.debian.org/security/2008/dsa-1541	vendor-advisoryx_refsource_DEBIAN
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://www.openldap.org/lists/openldap-bugs/20070…	mailing-listx_refsource_MLIST
	http://www.vupen.com/english/advisories/2009/3184	vdb-entryx_refsource_VUPEN
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://secunia.com/advisories/29957	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/26245	vdb-entryx_refsource_BID
	http://support.apple.com/kb/HT3937	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:18:20.627Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SR:2008:010",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html"
          },
          {
            "name": "MDVSA-2008:058",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:058"
          },
          {
            "name": "29225",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29225"
          },
          {
            "name": "1019480",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019480"
          },
          {
            "name": "[openldap-bugs] 20070411 (ITS#4925) Modify operation with NOOP control on a BDB backend causes slapd to crash",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openldap.org/lists/openldap-bugs/200704/msg00067.html"
          },
          {
            "name": "28817",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28817"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0059"
          },
          {
            "name": "29682",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29682"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0059"
          },
          {
            "name": "29256",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29256"
          },
          {
            "name": "20080212 rPSA-2008-0059-1 openldap openldap-clients openldap-servers",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/488242/100/200/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431203"
          },
          {
            "name": "29068",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29068"
          },
          {
            "name": "USN-584-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-584-1"
          },
          {
            "name": "RHSA-2008:0110",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0110.html"
          },
          {
            "name": "28953",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28953"
          },
          {
            "name": "DSA-1541",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1541"
          },
          {
            "name": "oval:org.mitre.oval:def:10748",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10748"
          },
          {
            "name": "FEDORA-2008-1307",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00105.html"
          },
          {
            "name": "[openldap-bugs] 20070411 Re: (ITS#4925) Modify operation with NOOP control on a BDB backend causes slapd to crash",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openldap.org/lists/openldap-bugs/200704/msg00068.html"
          },
          {
            "name": "ADV-2009-3184",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3184"
          },
          {
            "name": "APPLE-SA-2009-11-09-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
          },
          {
            "name": "29957",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29957"
          },
          {
            "name": "26245",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26245"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3937"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-04-11T04:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T00:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SUSE-SR:2008:010",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html"
        },
        {
          "name": "MDVSA-2008:058",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:058"
        },
        {
          "name": "29225",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29225"
        },
        {
          "name": "1019480",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019480"
        },
        {
          "name": "[openldap-bugs] 20070411 (ITS#4925) Modify operation with NOOP control on a BDB backend causes slapd to crash",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openldap.org/lists/openldap-bugs/200704/msg00067.html"
        },
        {
          "name": "28817",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28817"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0059"
        },
        {
          "name": "29682",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29682"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0059"
        },
        {
          "name": "29256",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29256"
        },
        {
          "name": "20080212 rPSA-2008-0059-1 openldap openldap-clients openldap-servers",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/488242/100/200/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431203"
        },
        {
          "name": "29068",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29068"
        },
        {
          "name": "USN-584-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-584-1"
        },
        {
          "name": "RHSA-2008:0110",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0110.html"
        },
        {
          "name": "28953",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28953"
        },
        {
          "name": "DSA-1541",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1541"
        },
        {
          "name": "oval:org.mitre.oval:def:10748",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10748"
        },
        {
          "name": "FEDORA-2008-1307",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00105.html"
        },
        {
          "name": "[openldap-bugs] 20070411 Re: (ITS#4925) Modify operation with NOOP control on a BDB backend causes slapd to crash",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openldap.org/lists/openldap-bugs/200704/msg00068.html"
        },
        {
          "name": "ADV-2009-3184",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3184"
        },
        {
          "name": "APPLE-SA-2009-11-09-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
        },
        {
          "name": "29957",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29957"
        },
        {
          "name": "26245",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26245"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3937"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6698",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SR:2008:010",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html"
            },
            {
              "name": "MDVSA-2008:058",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:058"
            },
            {
              "name": "29225",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29225"
            },
            {
              "name": "1019480",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019480"
            },
            {
              "name": "[openldap-bugs] 20070411 (ITS#4925) Modify operation with NOOP control on a BDB backend causes slapd to crash",
              "refsource": "MLIST",
              "url": "http://www.openldap.org/lists/openldap-bugs/200704/msg00067.html"
            },
            {
              "name": "28817",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28817"
            },
            {
              "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0059",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0059"
            },
            {
              "name": "29682",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29682"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0059",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0059"
            },
            {
              "name": "29256",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29256"
            },
            {
              "name": "20080212 rPSA-2008-0059-1 openldap openldap-clients openldap-servers",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/488242/100/200/threaded"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=431203",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431203"
            },
            {
              "name": "29068",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29068"
            },
            {
              "name": "USN-584-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-584-1"
            },
            {
              "name": "RHSA-2008:0110",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0110.html"
            },
            {
              "name": "28953",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28953"
            },
            {
              "name": "DSA-1541",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1541"
            },
            {
              "name": "oval:org.mitre.oval:def:10748",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10748"
            },
            {
              "name": "FEDORA-2008-1307",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00105.html"
            },
            {
              "name": "[openldap-bugs] 20070411 Re: (ITS#4925) Modify operation with NOOP control on a BDB backend causes slapd to crash",
              "refsource": "MLIST",
              "url": "http://www.openldap.org/lists/openldap-bugs/200704/msg00068.html"
            },
            {
              "name": "ADV-2009-3184",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3184"
            },
            {
              "name": "APPLE-SA-2009-11-09-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
            },
            {
              "name": "29957",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29957"
            },
            {
              "name": "26245",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26245"
            },
            {
              "name": "http://support.apple.com/kb/HT3937",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3937"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6698",
    "datePublished": "2008-02-02T02:00:00.000Z",
    "dateReserved": "2008-02-01T05:00:00.000Z",
    "dateUpdated": "2024-08-07T16:18:20.627Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

FKIE_CVE-2007-6698

Vulnerability from fkie_nvd - Published: 2008-02-01 22:00 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html
cve@mitre.org	http://secunia.com/advisories/28817	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/28953	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/29068	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/29225	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/29256
cve@mitre.org	http://secunia.com/advisories/29682	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/29957	Vendor Advisory
cve@mitre.org	http://support.apple.com/kb/HT3937
cve@mitre.org	http://wiki.rpath.com/Advisories:rPSA-2008-0059
cve@mitre.org	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0059
cve@mitre.org	http://www.debian.org/security/2008/dsa-1541
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2008:058
cve@mitre.org	http://www.openldap.org/lists/openldap-bugs/200704/msg00067.html
cve@mitre.org	http://www.openldap.org/lists/openldap-bugs/200704/msg00068.html
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2008-0110.html
cve@mitre.org	http://www.securityfocus.com/archive/1/488242/100/200/threaded
cve@mitre.org	http://www.securityfocus.com/bid/26245
cve@mitre.org	http://www.securitytracker.com/id?1019480
cve@mitre.org	http://www.ubuntu.com/usn/usn-584-1
cve@mitre.org	http://www.vupen.com/english/advisories/2009/3184	Vendor Advisory
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=431203
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10748
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00105.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28817	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28953	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29068	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29225	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29256
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29682	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29957	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3937
af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/Advisories:rPSA-2008-0059
af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0059
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2008/dsa-1541
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2008:058
af854a3a-2127-422b-91ae-364da2661108	http://www.openldap.org/lists/openldap-bugs/200704/msg00067.html
af854a3a-2127-422b-91ae-364da2661108	http://www.openldap.org/lists/openldap-bugs/200704/msg00068.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0110.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/488242/100/200/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26245
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019480
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-584-1
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/3184	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=431203
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10748
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00105.html

Impacted products

	Vendor	Product	Version
	openldap	openldap	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openldap:openldap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "44D78472-79A1-4DFD-8DAB-6AF7470C82B4",
              "versionEndIncluding": "2.3.35",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability."
    },
    {
      "lang": "es",
      "value": "El backend de BDB para slapd en OpenLDAP versiones anteriores a 2.3.36, permite a los usuarios autenticados remotos causar una denegaci\u00f3n de servicio (bloqueo) por medio de una operaci\u00f3n de modificaci\u00f3n potencialmente con \u00e9xito con el control NOOP establecido en cr\u00edtico, posiblemente debido a una vulnerabilidad de doble liberaci\u00f3n."
    }
  ],
  "id": "CVE-2007-6698",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-02-01T22:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28817"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28953"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29068"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29225"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29256"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29682"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29957"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT3937"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0059"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0059"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2008/dsa-1541"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:058"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openldap.org/lists/openldap-bugs/200704/msg00067.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openldap.org/lists/openldap-bugs/200704/msg00068.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0110.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/488242/100/200/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/26245"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019480"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/usn-584-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3184"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431203"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10748"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00105.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28817"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28953"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29068"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29225"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29256"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29682"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29957"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT3937"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0059"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0059"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1541"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openldap.org/lists/openldap-bugs/200704/msg00067.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openldap.org/lists/openldap-bugs/200704/msg00068.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0110.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/488242/100/200/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26245"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019480"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-584-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3184"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10748"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00105.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2009-AVI-487

Vulnerability from certfr_avis - Published: 2009-11-10 - Updated: 2009-11-10

De multiples vulnérabilités dans Apple MacOS X permettent entre autres l'exécution de code arbitraire à distance.

Description

L'éditeur Apple a publié un ensemble de correctifs pour les applications livrées avec son système d'exploitation Mac OS X. L'exploitation des vulnérabilités par une personne malintentionnée pourrait permettre, entre autres, l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	Mac OS X 10.5 ;
Apple	macOS	Mac OS X 10.6 ;
Apple	macOS	Mac OS X Server 10.5 ;
Apple	macOS	Mac OS X Server 10.6.

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT3937 du 09 novembre 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X 10.5 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X 10.6 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.5 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.6.",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nL\u0027\u00e9diteur Apple a publi\u00e9 un ensemble de correctifs pour les applications\nlivr\u00e9es avec son syst\u00e8me d\u0027exploitation Mac OS X. L\u0027exploitation des\nvuln\u00e9rabilit\u00e9s par une personne malintentionn\u00e9e pourrait permettre,\nentre autres, l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2832"
    },
    {
      "name": "CVE-2009-3293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3293"
    },
    {
      "name": "CVE-2009-2820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2820"
    },
    {
      "name": "CVE-2009-1890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1890"
    },
    {
      "name": "CVE-2009-3292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3292"
    },
    {
      "name": "CVE-2009-2839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2839"
    },
    {
      "name": "CVE-2009-2825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2825"
    },
    {
      "name": "CVE-2009-2810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2810"
    },
    {
      "name": "CVE-2009-2411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2411"
    },
    {
      "name": "CVE-2009-2408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2408"
    },
    {
      "name": "CVE-2009-2416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
    },
    {
      "name": "CVE-2009-2798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2798"
    },
    {
      "name": "CVE-2007-6698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6698"
    },
    {
      "name": "CVE-2009-2833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2833"
    },
    {
      "name": "CVE-2009-2203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2203"
    },
    {
      "name": "CVE-2009-2823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2823"
    },
    {
      "name": "CVE-2009-2840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2840"
    },
    {
      "name": "CVE-2009-2824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2824"
    },
    {
      "name": "CVE-2009-2819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2819"
    },
    {
      "name": "CVE-2009-1891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1891"
    },
    {
      "name": "CVE-2009-0023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0023"
    },
    {
      "name": "CVE-2009-2838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2838"
    },
    {
      "name": "CVE-2009-1632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1632"
    },
    {
      "name": "CVE-2009-2818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2818"
    },
    {
      "name": "CVE-2009-1956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1956"
    },
    {
      "name": "CVE-2007-5707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5707"
    },
    {
      "name": "CVE-2008-0658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0658"
    },
    {
      "name": "CVE-2009-2412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2412"
    },
    {
      "name": "CVE-2009-1195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1195"
    },
    {
      "name": "CVE-2009-1191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1191"
    },
    {
      "name": "CVE-2009-2808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2808"
    },
    {
      "name": "CVE-2009-2830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2830"
    },
    {
      "name": "CVE-2008-5161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5161"
    },
    {
      "name": "CVE-2009-3111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3111"
    },
    {
      "name": "CVE-2009-2829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2829"
    },
    {
      "name": "CVE-2009-2826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2826"
    },
    {
      "name": "CVE-2009-2414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
    },
    {
      "name": "CVE-2009-2285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2285"
    },
    {
      "name": "CVE-2009-3291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3291"
    },
    {
      "name": "CVE-2009-2837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2837"
    },
    {
      "name": "CVE-2009-2409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2409"
    },
    {
      "name": "CVE-2009-2836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2836"
    },
    {
      "name": "CVE-2009-2799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2799"
    },
    {
      "name": "CVE-2009-1574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1574"
    },
    {
      "name": "CVE-2009-2835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2835"
    },
    {
      "name": "CVE-2009-2831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2831"
    },
    {
      "name": "CVE-2009-3235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3235"
    },
    {
      "name": "CVE-2009-1955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1955"
    },
    {
      "name": "CVE-2009-2828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2828"
    },
    {
      "name": "CVE-2009-2202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2202"
    }
  ],
  "initial_release_date": "2009-11-10T00:00:00",
  "last_revision_date": "2009-11-10T00:00:00",
  "links": [],
  "reference": "CERTA-2009-AVI-487",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-11-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans Apple MacOS X permettent entre autres\nl\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple MacOS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT3937 du 09 novembre 2009",
      "url": "http://docs.info.apple.com/article.html?artnum=HT3937"
    }
  ]
}

CERTA-2008-AVI-081

Vulnerability from certfr_avis - Published: 2008-02-13 - Updated: 2008-02-13

Une vulnérabilité dans OpenLDAP permet à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Description

La fonction modrdn sert à modifier les noms relatifs (RDN ou Relative Distinguished Name). Une erreur dans cette fonction est exploitable par un utilisateur malveillant pour exécuter du code arbitraire à distance sur un serveur vulnérable.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

OpenLDAP, versions 2.3.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Ubuntu USN-584-1 du 05 mars 2008 :	-	other
Site de téléchargement du projet OpenLDAP :	-	other
Bulletin de sécurité RedHat RHSA-2008:0110-3 du 21 février 2008 :	-	other
Bulletin de sécurité Debian DSA 1541-1 du 08 avril 2008 :	-	other
Bulletin de sécurité Gentoo GLSA-200803-28 du 19 mars 2008 :	-	other
Bulletin de sécurité Mandriva MDKSA-2008:058 du 05 mars 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cSPAN class=\"textit\"\u003eOpenLDAP\u003c/SPAN\u003e,  versions 2.3.x.",
  "content": "## Description\n\nLa fonction modrdn sert \u00e0 modifier les noms relatifs (RDN ou Relative\nDistinguished Name). Une erreur dans cette fonction est exploitable par\nun utilisateur malveillant pour ex\u00e9cuter du code arbitraire \u00e0 distance\nsur un serveur vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-5708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5708"
    },
    {
      "name": "CVE-2007-6698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6698"
    },
    {
      "name": "CVE-2007-5707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5707"
    },
    {
      "name": "CVE-2008-0658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0658"
    }
  ],
  "initial_release_date": "2008-02-13T00:00:00",
  "last_revision_date": "2008-02-13T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-584-1 du 05 mars 2008 :",
      "url": "http://www.ubuntulinux.org/usn/usn-584-1"
    },
    {
      "title": "Site de t\u00e9l\u00e9chargement du projet OpenLDAP :",
      "url": "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2008:0110-3 du 21 f\u00e9vrier    2008 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0110-3.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 1541-1 du 08 avril 2008 :",
      "url": "http://lists.debian.org/debian-security-announce/2008/msg00111.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200803-28 du 19 mars 2008    :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-28.xml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2008:058 du 05 mars    2008 :",
      "url": "http://www.mandriva.com/archives/security/advisories"
    }
  ],
  "reference": "CERTA-2008-AVI-081",
  "revisions": [
    {
      "description": "ajout des r\u00e9f\u00e9rences Debian, Gentoo, Mandriva, Redhat, Ubuntu.",
      "revision_date": "2008-02-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans \u003cspan class=\"textit\"\u003eOpenLDAP\u003c/span\u003e permet \u00e0 un\nutilisateur malveillant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans OpenLDAP",
  "vendor_advisories": []
}

GSD-2007-6698

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-6698

Aliases

CVE-2007-6698

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-6698",
    "description": "The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability.",
    "id": "GSD-2007-6698",
    "references": [
      "https://www.suse.com/security/cve/CVE-2007-6698.html",
      "https://www.debian.org/security/2008/dsa-1541",
      "https://access.redhat.com/errata/RHSA-2008:0110",
      "https://linux.oracle.com/cve/CVE-2007-6698.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-6698"
      ],
      "details": "The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability.",
      "id": "GSD-2007-6698",
      "modified": "2023-12-13T01:21:38.338843Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-6698",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "SUSE-SR:2008:010",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html"
          },
          {
            "name": "MDVSA-2008:058",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:058"
          },
          {
            "name": "29225",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29225"
          },
          {
            "name": "1019480",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1019480"
          },
          {
            "name": "[openldap-bugs] 20070411 (ITS#4925) Modify operation with NOOP control on a BDB backend causes slapd to crash",
            "refsource": "MLIST",
            "url": "http://www.openldap.org/lists/openldap-bugs/200704/msg00067.html"
          },
          {
            "name": "28817",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28817"
          },
          {
            "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0059",
            "refsource": "CONFIRM",
            "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0059"
          },
          {
            "name": "29682",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29682"
          },
          {
            "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0059",
            "refsource": "CONFIRM",
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0059"
          },
          {
            "name": "29256",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29256"
          },
          {
            "name": "20080212 rPSA-2008-0059-1 openldap openldap-clients openldap-servers",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/488242/100/200/threaded"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=431203",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431203"
          },
          {
            "name": "29068",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29068"
          },
          {
            "name": "USN-584-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/usn-584-1"
          },
          {
            "name": "RHSA-2008:0110",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0110.html"
          },
          {
            "name": "28953",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28953"
          },
          {
            "name": "DSA-1541",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2008/dsa-1541"
          },
          {
            "name": "oval:org.mitre.oval:def:10748",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10748"
          },
          {
            "name": "FEDORA-2008-1307",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00105.html"
          },
          {
            "name": "[openldap-bugs] 20070411 Re: (ITS#4925) Modify operation with NOOP control on a BDB backend causes slapd to crash",
            "refsource": "MLIST",
            "url": "http://www.openldap.org/lists/openldap-bugs/200704/msg00068.html"
          },
          {
            "name": "ADV-2009-3184",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/3184"
          },
          {
            "name": "APPLE-SA-2009-11-09-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
          },
          {
            "name": "29957",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29957"
          },
          {
            "name": "26245",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/26245"
          },
          {
            "name": "http://support.apple.com/kb/HT3937",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT3937"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openldap:openldap:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.3.35",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6698"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[openldap-bugs] 20070411 (ITS#4925) Modify operation with NOOP control on a BDB backend causes slapd to crash",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openldap.org/lists/openldap-bugs/200704/msg00067.html"
            },
            {
              "name": "[openldap-bugs] 20070411 Re: (ITS#4925) Modify operation with NOOP control on a BDB backend causes slapd to crash",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openldap.org/lists/openldap-bugs/200704/msg00068.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=431203",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431203"
            },
            {
              "name": "FEDORA-2008-1307",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00105.html"
            },
            {
              "name": "28817",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/28817"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0059",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0059"
            },
            {
              "name": "26245",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/26245"
            },
            {
              "name": "28953",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/28953"
            },
            {
              "name": "RHSA-2008:0110",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0110.html"
            },
            {
              "name": "1019480",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1019480"
            },
            {
              "name": "29068",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/29068"
            },
            {
              "name": "MDVSA-2008:058",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:058"
            },
            {
              "name": "USN-584-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/usn-584-1"
            },
            {
              "name": "29225",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/29225"
            },
            {
              "name": "29256",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/29256"
            },
            {
              "name": "DSA-1541",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2008/dsa-1541"
            },
            {
              "name": "29682",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/29682"
            },
            {
              "name": "SUSE-SR:2008:010",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html"
            },
            {
              "name": "29957",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/29957"
            },
            {
              "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0059",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0059"
            },
            {
              "name": "http://support.apple.com/kb/HT3937",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT3937"
            },
            {
              "name": "APPLE-SA-2009-11-09-1",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
            },
            {
              "name": "ADV-2009-3184",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3184"
            },
            {
              "name": "oval:org.mitre.oval:def:10748",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10748"
            },
            {
              "name": "20080212 rPSA-2008-0059-1 openldap openldap-clients openldap-servers",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/488242/100/200/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-15T21:56Z",
      "publishedDate": "2008-02-01T22:00Z"
    }
  }
}

GHSA-9XCF-R85J-W8GV

Vulnerability from github – Published: 2022-05-01 18:45 – Updated: 2022-05-01 18:45

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-6698"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-02-01T22:00:00Z",
    "severity": "MODERATE"
  },
  "details": "The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability.",
  "id": "GHSA-9xcf-r85j-w8gv",
  "modified": "2022-05-01T18:45:31Z",
  "published": "2022-05-01T18:45:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6698"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431203"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10748"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00105.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28817"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28953"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29068"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29225"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29256"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29682"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29957"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT3937"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0059"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0059"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2008/dsa-1541"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:058"
    },
    {
      "type": "WEB",
      "url": "http://www.openldap.org/lists/openldap-bugs/200704/msg00067.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openldap.org/lists/openldap-bugs/200704/msg00068.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0110.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/488242/100/200/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/26245"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1019480"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-584-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/3184"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-6698 (GCVE-0-2007-6698)

FKIE_CVE-2007-6698

CERTA-2009-AVI-487

Description

Solution

CERTA-2008-AVI-081

Description

Solution

GSD-2007-6698

GHSA-9XCF-R85J-W8GV

Tags

Sightings

Nomenclature