OpenLDAP.Kerberos.Bind.Request.Buffer.Overflow

Description

This indicates a possible attempt to exploit a buffer overflow vulnerability in the krbv4_ldap_auth function in servers/slapd/kerberos.c in OpenLDAP, which is exposed when OpenLDAP is compiled with the --enable-kbind (Kerberos KBIND) option. The vulnerability may allow remote attackers to execute arbitrary code via an LDAP bind request that uses the LDAP_AUTH_KRBV41 authentication method and long credential data.
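The condition described above can be checked on the wire by decoding the BER-encoded BindRequest and looking at the authentication choice and its declared length. The following is an added example, not the vendor's signature logic and not OpenLDAP code; the function names, the `max_cred_len` threshold and the sample messages are assumptions constructed for illustration.

```python
# Added example: flag LDAP BindRequests using KRBV41 auth with long credentials.
LDAP_AUTH_SIMPLE = 0x80   # [0] simple, as defined in OpenLDAP's ldap.h
LDAP_AUTH_KRBV41 = 0x81   # [1] krbv41 (LDAPv2), as defined in OpenLDAP's ldap.h

def read_tlv(buf, pos):
    """Return (tag, value_start, declared_value_end) for the BER TLV at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short-form length
        return tag, pos, pos + first
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0 or n > 4 or pos + n > len(buf):
        raise ValueError("unsupported or truncated length")
    return tag, pos + n, pos + n + int.from_bytes(buf[pos:pos + n], "big")

def inspect_bind(msg, max_cred_len=1024):
    """Return (auth_tag, declared_cred_len, alert), or None if not a bind.
    max_cred_len is an assumed tuning value, not a figure from the advisory."""
    try:
        tag, pos, _ = read_tlv(msg, 0)         # LDAPMessage SEQUENCE
        mid, _, pos = read_tlv(msg, pos)       # messageID INTEGER
        op, pos, _ = read_tlv(msg, pos)        # protocolOp, [APPLICATION 0] = bind
        if (tag, mid, op) != (0x30, 0x02, 0x60):
            return None
        _, _, pos = read_tlv(msg, pos)         # version
        _, _, pos = read_tlv(msg, pos)         # bind DN
        auth, start, end = read_tlv(msg, pos)  # authentication choice
    except ValueError:
        return None
    # Use the declared length so a capture cut mid-credential still alerts.
    cred_len = end - start
    return auth, cred_len, auth == LDAP_AUTH_KRBV41 and cred_len > max_cred_len

def tlv(tag, value):
    """Minimal BER encoder, used only to build the constructed samples."""
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def sample_bind(auth_tag, cred):
    body = tlv(0x02, b"\x02") + tlv(0x04, b"cn=test,dc=example,dc=com") + tlv(auth_tag, cred)
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, body))

SIMPLE_BIND = sample_bind(LDAP_AUTH_SIMPLE, b"secret")   # constructed sample
KRB_BIND = sample_bind(LDAP_AUTH_KRBV41, bytes(200))     # constructed sample
```

Because LDAP_AUTH_KRBV41 is an LDAPv2-era method, a site that does not use Kerberos KBIND can alert on any bind carrying that tag by setting `max_cred_len=0`.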

Affected Products

OpenLDAP OpenLDAP 2.4.3
OpenLDAP OpenLDAP 2.4.2
OpenLDAP OpenLDAP 2.4.1
OpenLDAP OpenLDAP 2.4
OpenLDAP OpenLDAP 2.3.25
OpenLDAP OpenLDAP 2.2.29
OpenLDAP OpenLDAP 2.2.15
OpenLDAP OpenLDAP 2.2.6
OpenLDAP OpenLDAP 2.1.30
OpenLDAP OpenLDAP 2.1.25
OpenLDAP OpenLDAP 2.1.22
OpenLDAP OpenLDAP 2.1.19
OpenLDAP OpenLDAP 2.1.18
OpenLDAP OpenLDAP 2.1.17
OpenLDAP OpenLDAP 2.1.16
OpenLDAP OpenLDAP 2.1.15
OpenLDAP OpenLDAP 2.1.14
OpenLDAP OpenLDAP 2.1.13
OpenLDAP OpenLDAP 2.1.12
OpenLDAP OpenLDAP 2.1.11
OpenLDAP OpenLDAP 2.1.10
OpenLDAP OpenLDAP 2.1.4
OpenLDAP OpenLDAP 2.1 .20
OpenLDAP OpenLDAP 2.0.27
OpenLDAP OpenLDAP 2.0.25
OpenLDAP OpenLDAP 2.0.23
OpenLDAP OpenLDAP 2.0.22
OpenLDAP OpenLDAP 2.0.21
OpenLDAP OpenLDAP 2.0.20
OpenLDAP OpenLDAP 2.0.19
OpenLDAP OpenLDAP 2.0.18
OpenLDAP OpenLDAP 2.0.17
OpenLDAP OpenLDAP 2.0.16
OpenLDAP OpenLDAP 2.0.15
OpenLDAP OpenLDAP 2.0.14
OpenLDAP OpenLDAP 2.0.13
OpenLDAP OpenLDAP 2.0.12
OpenLDAP OpenLDAP 2.0.11 -9
OpenLDAP OpenLDAP 2.0.11 -11S
OpenLDAP OpenLDAP 2.0.11 -11
OpenLDAP OpenLDAP 2.0.11
OpenLDAP OpenLDAP 2.0.10
OpenLDAP OpenLDAP 2.0.9
OpenLDAP OpenLDAP 2.0.8
OpenLDAP OpenLDAP 2.0.7
OpenLDAP OpenLDAP 2.0.6
OpenLDAP OpenLDAP 2.0.5
OpenLDAP OpenLDAP 2.0.4
OpenLDAP OpenLDAP 2.0.3
OpenLDAP OpenLDAP 2.0.2
OpenLDAP OpenLDAP 2.0.1
OpenLDAP OpenLDAP 2.0
OpenLDAP OpenLDAP 1.2.13
OpenLDAP OpenLDAP 1.2.12
OpenLDAP OpenLDAP 1.2.11
OpenLDAP OpenLDAP 1.2.10
OpenLDAP OpenLDAP 1.2.9
OpenLDAP OpenLDAP 1.2.8
OpenLDAP OpenLDAP 1.2.7
OpenLDAP OpenLDAP 1.2.6
OpenLDAP OpenLDAP 1.2.5
OpenLDAP OpenLDAP 1.2.4
OpenLDAP OpenLDAP 1.2.3
OpenLDAP OpenLDAP 1.2.2
OpenLDAP OpenLDAP 1.2.1
OpenLDAP OpenLDAP 1.2
OpenLDAP OpenLDAP 1.1.4
OpenLDAP OpenLDAP 1.1.3
OpenLDAP OpenLDAP 1.1.2
OpenLDAP OpenLDAP 1.1.1
OpenLDAP OpenLDAP 1.1
OpenLDAP OpenLDAP 1.0.3
OpenLDAP OpenLDAP 1.0.2
OpenLDAP OpenLDAP 1.0.1
OpenLDAP OpenLDAP 1.0
OpenLDAP OpenLDAP 2.3.28-E1.0.0
OpenLDAP OpenLDAP 2.3.28-20061022
OpenLDAP OpenLDAP 2.3.28-2.20061022
OpenLDAP OpenLDAP 2.3.27-2.20061018

Impact

Execute arbitrary code.

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-12-11 16.978