CVE-2015-6908

Related Files

Apple Security Advisory 2015-12-08-3

Posted Dec 10, 2015

Authored by Apple | Site apple.com

Apple Security Advisory 2015-12-08-3 - OS X El Capitan 10.11.2 and Security Update 2015-008 is now available and addresses 54 vulnerabilities.

tags | advisory, vulnerability

systems | apple, osx

advisories | CVE-2011-2895, CVE-2012-0876, CVE-2012-1147, CVE-2012-1148, CVE-2015-3807, CVE-2015-5333, CVE-2015-5334, CVE-2015-6908, CVE-2015-7001, CVE-2015-7038, CVE-2015-7039, CVE-2015-7040, CVE-2015-7041, CVE-2015-7042, CVE-2015-7043, CVE-2015-7044, CVE-2015-7045, CVE-2015-7046, CVE-2015-7047, CVE-2015-7052, CVE-2015-7053, CVE-2015-7054, CVE-2015-7058, CVE-2015-7059, CVE-2015-7060, CVE-2015-7061, CVE-2015-7062, CVE-2015-7063

SHA-256 | 78e2a97a16b2ff481c45ddbbba9833cf2d0f52000284853fc1795caaaf5b2c92

Download | Favorite | View

Red Hat Security Advisory 2015-1840-01

Posted Sep 30, 2015

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1840-01 - OpenLDAP is an open source suite of Lightweight Directory Access Protocol applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and documentation for OpenLDAP. A flaw was found in the way the OpenLDAP server daemon parsed certain Basic Encoding Rules data. A remote attacker could use this flaw to crash slapd via a specially crafted packet. All openldap users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

tags | advisory, remote, protocol

systems | linux, redhat

advisories | CVE-2015-6908

SHA-256 | 2b8db859613f053e6c09246eb10db2943893cddb4c9cda9cb50ffde1360f2a63

Download | Favorite | View

Ubuntu Security Notice USN-2742-1

Posted Sep 17, 2015

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2742-1 - Denis Andzakovic discovered that OpenLDAP incorrectly handled certain BER data. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. Dietrich Clauss discovered that the OpenLDAP package incorrectly shipped with a potentially unsafe default access control configuration. Depending on how the database is configure, this may allow users to impersonate others by modifying attributes such as their Unix user and group numbers. Various other issues were also addressed.

tags | advisory, remote, denial of service

systems | linux, unix, ubuntu

advisories | CVE-2014-9713, CVE-2015-6908

SHA-256 | 9b6a8ed19fb6f7e3f64b01c4aa1fe8b45478ce1971f92272242e7566e492728c

Download | Favorite | View

Debian Security Advisory 3356-1

Posted Sep 15, 2015

Authored by Debian | Site debian.org

Debian Linux Security Advisory 3356-1 - Denis Andzakovic discovered that OpenLDAP, a free implementation of the Lightweight Directory Access Protocol, does not properly handle BER data. An unauthenticated remote attacker can use this flaw to cause a denial of service (slapd daemon crash) via a specially crafted packet.

tags | advisory, remote, denial of service, protocol

systems | linux, debian

advisories | CVE-2015-6908

SHA-256 | 6ea26f64cefbfb2556a3754993d105f8cd15fe3aedccdcdf9a191f239a95031f

Download | Favorite | View