CVE-2006-5779
HIGH
OpenLDAP < 2.3.29 - Denial of Service via Long Authcid in LDAP BIND Request
Title source: llm
Description
OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.
References (23)
Core References
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/23133
Broken Link vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/2006_72_openldap2.html
Broken Link, Exploit x_refsource_misc
http://gleg.net/vulndisco_meta.shtml
Broken Link x_refsource_confirm
https://issues.rpath.com/browse/RPL-820
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/23170
Broken Link, Exploit, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1017166
Broken Link vendor-advisory
x_refsource_trustix
http://www.trustix.org/errata/2006/0066/
Broken Link vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2006:208
Broken Link, Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4379
Broken Link, Exploit, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/20939
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-384-1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30076
Exploit, Issue Tracking x_refsource_confirm
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4740
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/23152
Broken Link, Exploit x_refsource_misc
http://gleg.net/downloads/VULNDISCO_META_FREE.tar.gz
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22996
Broken Link vendor-advisory
x_refsource_openpkg
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.033-openldap.html
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22953
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/23125
Broken Link, Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/450728/100/0/threaded
Broken Link third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/1831
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200611-25.xml
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22750
Scores
CVSS v3
7.5
EPSS
0.7537
EPSS Percentile
99.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-617
Status
published
Products (4)
canonical/ubuntu_linux
5.10
canonical/ubuntu_linux
6.06
canonical/ubuntu_linux
6.10
openldap/openldap
< 2.3.29
Published
Nov 07, 2006
Tracked Since
Feb 18, 2026