CVE-2006-6493

OpenLDAP < 2.4.3 - Buffer Overflow via LDAP Bind Request with Long Credential Data

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6493. PoCs published by Solar Eclipse.

AI-analyzed exploit summary This exploit targets a remote buffer overflow in OpenLDAP servers compiled with Kerberos IV bind support (--enable-kbind). It sends a maliciously crafted LDAP bind request to execute shellcode, resulting in remote code execution.

Description

Buffer overflow in the krbv4_ldap_auth function in servers/slapd/kerberos.c in OpenLDAP 2.4.3 and earlier, when OpenLDAP is compiled with the --enable-kbind (Kerberos KBIND) option, allows remote attackers to execute arbitrary code via an LDAP bind request using the LDAP_AUTH_KRBV41 authentication method and long credential data.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Solar Eclipse · cremotelinux

https://www.exploit-db.com/exploits/2933

View Code ZIP pw:eip

This exploit targets a remote buffer overflow in OpenLDAP servers compiled with Kerberos IV bind support (--enable-kbind). It sends a maliciously crafted LDAP bind request to execute shellcode, resulting in remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: OpenLDAP with --enable-kbind (deprecated Kerberos IV bind)

No auth needed

Prerequisites: OpenLDAP server compiled with --enable-kbind · Network access to the LDAP service

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Exploit, Vendor Advisory mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/454181/30/0/threaded

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/2023

Exploit x_refsource_misc

http://www.phreedom.org/solar/exploits/openldap-kbind

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/23334

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/4964

Scores

EPSS 0.0919

EPSS Percentile 94.7%

Details

Status published

Products (50)

openldap/openldap 1.0

openldap/openldap 1.0.1

openldap/openldap 1.0.2

openldap/openldap 1.0.3

openldap/openldap 1.1

openldap/openldap 1.1.0

openldap/openldap 1.1.1

openldap/openldap 1.1.2

openldap/openldap 1.1.3

openldap/openldap 1.1.4

... and 40 more

Published Dec 13, 2006

Tracked Since Feb 18, 2026