CVE-2012-1164

Published: 29/06/2012 Updated: 07/01/2017
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
VMScore: 231
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P

Vulnerability Summary

slapd in OpenLDAP prior to 2.4.30 allows remote malicious users to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned.

Vulnerable Product

openldap openldap 2.4.24

openldap openldap 2.4.23

openldap openldap 2.4.15

openldap openldap 2.4.14

openldap openldap 2.4.7

openldap openldap 2.4.6

openldap openldap

openldap openldap 2.4.22

openldap openldap 2.4.21

openldap openldap 2.4.13

openldap openldap 2.4.12

openldap openldap 2.4.26

openldap openldap 2.4.25

openldap openldap 2.4.17

openldap openldap 2.4.16

openldap openldap 2.4.9

openldap openldap 2.4.8

openldap openldap 2.4.28

openldap openldap 2.4.27

openldap openldap 2.4.20

openldap openldap 2.4.19

openldap openldap 2.4.18

openldap openldap 2.4.11

openldap openldap 2.4.10

Vendor Advisories

Synopsis: Low: openldap security and bug fix update. Type/Severity: Security Advisory: Low. Topic: Updated openldap packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common ...
OpenLDAP could be made to crash if it received specially crafted network traffic ...
Debian Bug report logs - #776988 openldap: CVE-2015-1545: crashes on search with deref control and empty attr list. Package: slapd; Maintainer for slapd is Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>; Source for slapd is src:openldap (PTS, buildd, popcon). Reported by: Ryan Tandy <ryan@nardisca ...
Debian Bug report logs - #663644 [CVE-2012-1164] openldap (slapd): Assertion failure by processing search queries requesting only attributes for particular entry. Package: openldap; Maintainer for openldap is Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>; Reported by: Luciano Bello <luciano@debian ...
Debian Bug report logs - #761406 slapd: CVE-2014-9713: dangerous access rule in default config. Package: slapd; Maintainer for slapd is Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>; Source for slapd is src:openldap (PTS, buildd, popcon). Reported by: Dietrich Clauss <dietrich@clauss-itcom> ...
A denial of service flaw was found in the way the OpenLDAP server daemon (slapd) processed certain search queries requesting only attributes and no values. In certain configurations, a remote attacker could issue a specially-crafted LDAP search query that, when processed by slapd, would cause slapd to crash due to an assertion failure (CVE-2012-11 ...

Mailing Lists

Full Disclosure mailing list archives: APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra ...