CVE-2015-1545medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request.
References
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
http://lists.opensuse.org/opensuse-updates/2015-07/msg00069.html
http://secunia.com/advisories/62787
http://www.debian.org/security/2015/dsa-3209
http://www.mandriva.com/security/advisories?name=MDVSA-2015:073
http://www.mandriva.com/security/advisories?name=MDVSA-2015:074
http://www.openldap.org/its/?findid=8027
http://www.openwall.com/lists/oss-security/2015/02/07/3
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.securityfocus.com/bid/72519
http://www.securitytracker.com/id/1032399
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776988
Details
Source: MITRE
Published: 2015-02-12
Updated: 2017-09-08
Type: NVD-CWE-Other
Risk Information
CVSS v2
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:openldap:openldap:2.4.13:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.4.14:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.4.15:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.4.16:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.4.17:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.4.18:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.4.19:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.4.20:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.4.21:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.4.22:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.4.23:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.4.24:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.4.25:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.4.26:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.4.27:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.4.28:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.4.29:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.4.30:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.4.31:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.4.32:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.4.33:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.4.34:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.4.35:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.4.36:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.4.37:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.4.38:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 131957 | macOS 10.15.x < 10.15.2 / 10.14.x < 10.14.6 Security Update 2019-002 / 10.13.x < 10.13.6 Security Update 2019-007 | Nessus | MacOS X Local Security Checks | high |
| 700510 | Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities | Nessus Network Monitor | Operating System Detection | critical |
| 85174 | openSUSE Security Update : openldap2 (openSUSE-2015-526) | Nessus | SuSE Local Security Checks | medium |
| 84261 | SUSE SLED12 / SLES12 Security Update : openldap2 (SUSE-SU-2015:1077-1) | Nessus | SuSE Local Security Checks | medium |
| 83863 | Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : openldap vulnerabilities (USN-2622-1) | Nessus | Ubuntu Local Security Checks | medium |
| 83516 | SuSE 11.3 Security Update : openldap2 (SAT Patch Number 10635) | Nessus | SuSE Local Security Checks | medium |
| 82747 | Fedora 21 : openldap-2.4.40-3.fc21 (2015-2055) | Nessus | Fedora Local Security Checks | medium |
| 82700 | Mac OS X Multiple Vulnerabilities (Security Update 2015-004) (FREAK) | Nessus | MacOS X Local Security Checks | critical |
| 82699 | Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities (FREAK) | Nessus | MacOS X Local Security Checks | critical |
| 82432 | Debian DSA-3209-1 : openldap - security update | Nessus | Debian Local Security Checks | medium |
| 82327 | Mandriva Linux Security Advisory : openldap (MDVSA-2015:074) | Nessus | Mandriva Local Security Checks | medium |
| 82326 | Mandriva Linux Security Advisory : openldap (MDVSA-2015:073) | Nessus | Mandriva Local Security Checks | medium |