Detections
Analytics

SIDVault < 2.0f LDAP Server Malformed Search Request Buffer Overflow

critical Nessus Plugin ID 25935

Language:

Synopsis

The remote LDAP server is vulnerable to a buffer overflow attack.

Description

The remote host is running SIDVault, an LDAP v3 server for Windows and Linux.

According to its banner, the version of SIDVault on the remote host fails to handle certain malformed search requests. A user reportedly can leverage this issue to crash the affected service or execute arbitrary code on the affected system with root or SYSTEM-level privileges.

Solution

Upgrade to SIDVault version 2.0f or later.

See Also

https://www.securityfocus.com/archive/1/477821/30/0/threaded

Plugin Details

Severity: Critical

ID: 25935

File Name: sidvault_20f.nasl

Version: 1.16

Type: remote

Published: 8/28/2007

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2007-4566

BID: 25460

CWE: 119