Schweregrad:: Mittel
  CVE Kennungen:: 2013-4449
  Hinweisdatum: 21 Juli 2015

  Beschreibung

The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.

  Trend Micro Lösungen

Apply associated Trend Micro DPI Rules.

  Lösungen

  Trend Micro Deep Security DPI Rule Number: 1005862
  Trend Micro Deep Security DPI Rule Name: 1005862 - OpenLDAP slapd RWM Overlay Use-After-Free Denial Of Service Vulnerability

  Betroffene Software und Version:

  • openldap openldap 2.4.10
  • openldap openldap 2.4.11
  • openldap openldap 2.4.12
  • openldap openldap 2.4.13
  • openldap openldap 2.4.14
  • openldap openldap 2.4.15
  • openldap openldap 2.4.16
  • openldap openldap 2.4.17
  • openldap openldap 2.4.18
  • openldap openldap 2.4.19
  • openldap openldap 2.4.20
  • openldap openldap 2.4.21
  • openldap openldap 2.4.22
  • openldap openldap 2.4.23
  • openldap openldap 2.4.24
  • openldap openldap 2.4.25
  • openldap openldap 2.4.26
  • openldap openldap 2.4.27
  • openldap openldap 2.4.28
  • openldap openldap 2.4.29
  • openldap openldap 2.4.30
  • openldap openldap 2.4.31
  • openldap openldap 2.4.32
  • openldap openldap 2.4.33
  • openldap openldap 2.4.34
  • openldap openldap 2.4.35
  • openldap openldap 2.4.36
  • openldap openldap 2.4.6
  • openldap openldap 2.4.7
  • openldap openldap 2.4.8
  • openldap openldap 2.4.9