CVE-2013-4449

Published: 05/02/2014 Updated: 08/12/2016
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and previous versions does not properly count references, which allows remote malicious users to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.

Vulnerable Product

debian debian linux 7.0

debian debian linux 8.0

openldap openldap 2.4.16

openldap openldap 2.4.15

openldap openldap 2.4.29

openldap openldap 2.4.28

openldap openldap 2.4.20

openldap openldap 2.4.19

openldap openldap

openldap openldap 2.4.6

openldap openldap 2.4.7

openldap openldap 2.4.14

openldap openldap 2.4.13

openldap openldap 2.4.27

openldap openldap 2.4.26

openldap openldap 2.4.35

openldap openldap 2.4.34

openldap openldap 2.4.18

openldap openldap 2.4.17

openldap openldap 2.4.10

openldap openldap 2.4.30

openldap openldap 2.4.22

openldap openldap 2.4.21

openldap openldap 2.4.31

openldap openldap 2.4.23

openldap openldap 2.4.8

openldap openldap 2.4.9

openldap openldap 2.4.12

openldap openldap 2.4.11

openldap openldap 2.4.25

openldap openldap 2.4.24

openldap openldap 2.4.33

openldap openldap 2.4.32

Vendor Advisories

Synopsis: Moderate: openldap security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: Updated openldap packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact ...
OpenLDAP could be made to crash if it received specially crafted network traffic ...
Multiple vulnerabilities were found in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. CVE-2013-4449: Michael Vishchers from Seven Principles AG discovered a denial of service vulnerability in slapd, the directory server implementation. When the server is configured to use the RWM overlay, an attacker ...
Debian Bug report logs - #729367 openldap: CVE-2013-4449 Package: openldap; Maintainer for openldap is Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@inutil.org> Date: Tue, 12 Nov 2013 12:06:02 UTC Severity: important Tags: patch, security Found in vers ...
Debian Bug report logs - #776988 openldap: CVE-2015-1545: crashes on search with deref control and empty attr list Package: slapd; Maintainer for slapd is Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>; Source for slapd is src:openldap (PTS, buildd, popcon) Reported by: Ryan Tandy <ryan@nardisca ...
Debian Bug report logs - #761406 slapd: CVE-2014-9713: dangerous access rule in default config Package: slapd; Maintainer for slapd is Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>; Source for slapd is src:openldap (PTS, buildd, popcon) Reported by: Dietrich Clauss <dietrich@clauss-it.com> ...
The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search ...

Mailing Lists

Full Disclosure mailing list archives: APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra ...