CVE-2006-5779 — HIGH (7.5) — White Hats Nepal

Q: What is CVE-2006-5779?

CVE-2006-5779 is a vulnerability with a CVSS score of 7.5 (HIGH). OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.

Q: How severe is CVE-2006-5779?

CVE-2006-5779 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2006-5779?

Check the references section above for vendor advisories and patch information. Affected products include: Openldap Openldap, Canonical Ubuntu Linux.

Vulnerability Description

OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Openldap	Openldap	< 2.3.29
Canonical	Ubuntu Linux	5.10

Related Weaknesses (CWE)

CWE-617

References

http://gleg.net/downloads/VULNDISCO_META_FREE.tar.gzBroken LinkExploit
http://gleg.net/vulndisco_meta.shtmlBroken LinkExploit
http://secunia.com/advisories/22750Broken LinkVendor Advisory
http://secunia.com/advisories/22953Broken LinkVendor Advisory
http://secunia.com/advisories/22996Broken LinkVendor Advisory
http://secunia.com/advisories/23125Broken LinkVendor Advisory
http://secunia.com/advisories/23133Broken LinkVendor Advisory
http://secunia.com/advisories/23152Broken LinkVendor Advisory
http://secunia.com/advisories/23170Broken LinkVendor Advisory
http://security.gentoo.org/glsa/glsa-200611-25.xmlThird Party Advisory
http://securityreason.com/securityalert/1831Broken Link
http://securitytracker.com/id?1017166Broken LinkExploitThird Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:208Broken Link
http://www.novell.com/linux/security/advisories/2006_72_openldap2.htmlBroken Link
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4740ExploitIssue Tracking

FAQ

What is CVE-2006-5779?

CVE-2006-5779 is a vulnerability with a CVSS score of 7.5 (HIGH). OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.

How severe is CVE-2006-5779?

CVE-2006-5779 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2006-5779?

Check the references section above for vendor advisories and patch information. Affected products include: Openldap Openldap, Canonical Ubuntu Linux.