Details of VAR-200107-0035

ID

VAR-200107-0035

CVE

CVE-2001-0977

TITLE

Multiple versions of OpenLDAP are vulnerable to denial-of-service attacks

Trust: 0.8

sources: CERT/CC: VU#935800

DESCRIPTION

slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field. Multiple versions of OpenLDAP contain vulnerabilities that may allow denial-of-service attacks. These vulnerabilities were revealed using the PROTOS LDAPv3 test suite and are documented in CERT Advisory CA-2001-18. If your site uses this product, the CERT/CC encourages you to follow the advice provided below. Vulnerabilities exist in slapd in OpenLDAP 1.x versions prior to 1.2.12 and 2.x versions prior to 2.0.8

Trust: 1.71

sources: NVD: CVE-2001-0977 // CERT/CC: VU#935800 // VULHUB: VHN-3783

AFFECTED PRODUCTS

vendor:	openldap	model:	openldap	scope:	eq	version:	1.0.2	Trust: 1.6
vendor:	openldap	model:	openldap	scope:	eq	version:	2.0.6	Trust: 1.0
vendor:	openldap	model:	openldap	scope:	eq	version:	2.0.3	Trust: 1.0
vendor:	mandrakesoft	model:	mandrake linux	scope:	eq	version:	7.1	Trust: 1.0
vendor:	mandrakesoft	model:	mandrake linux	scope:	eq	version:	7.2	Trust: 1.0
vendor:	redhat	model:	linux	scope:	eq	version:	7.1	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	2.2	Trust: 1.0
vendor:	openldap	model:	openldap	scope:	eq	version:	1.2.5	Trust: 1.0
vendor:	openldap	model:	openldap	scope:	eq	version:	1.2.6	Trust: 1.0
vendor:	openldap	model:	openldap	scope:	eq	version:	1.1.2	Trust: 1.0
vendor:	openldap	model:	openldap	scope:	eq	version:	1.1.3	Trust: 1.0
vendor:	openldap	model:	openldap	scope:	eq	version:	1.2.9	Trust: 1.0
vendor:	openldap	model:	openldap	scope:	eq	version:	1.2.10	Trust: 1.0
vendor:	openldap	model:	openldap	scope:	eq	version:	2.0.4	Trust: 1.0
vendor:	redhat	model:	linux	scope:	eq	version:	7.0	Trust: 1.0
vendor:	openldap	model:	openldap	scope:	eq	version:	1.1.1	Trust: 1.0
vendor:	mandrakesoft	model:	mandrake linux corporate server	scope:	eq	version:	1.0.1	Trust: 1.0
vendor:	redhat	model:	linux	scope:	eq	version:	6.2	Trust: 1.0
vendor:	openldap	model:	openldap	scope:	eq	version:	1.2.2	Trust: 1.0
vendor:	openldap	model:	openldap	scope:	eq	version:	2.0.1	Trust: 1.0
vendor:	openldap	model:	openldap	scope:	eq	version:	1.1.4	Trust: 1.0
vendor:	openldap	model:	openldap	scope:	eq	version:	2.0.5	Trust: 1.0
vendor:	openldap	model:	openldap	scope:	eq	version:	1.2.8	Trust: 1.0
vendor:	openldap	model:	openldap	scope:	eq	version:	1.1	Trust: 1.0
vendor:	openldap	model:	openldap	scope:	eq	version:	1.0.3	Trust: 1.0
vendor:	openldap	model:	openldap	scope:	eq	version:	1.2.7	Trust: 1.0
vendor:	openldap	model:	openldap	scope:	eq	version:	1.2.4	Trust: 1.0
vendor:	openldap	model:	openldap	scope:	eq	version:	2.0.7	Trust: 1.0
vendor:	openldap	model:	openldap	scope:	eq	version:	1.0	Trust: 1.0
vendor:	openldap	model:	openldap	scope:	eq	version:	1.2.3	Trust: 1.0
vendor:	openldap	model:	openldap	scope:	eq	version:	1.2.12	Trust: 1.0
vendor:	openldap	model:	openldap	scope:	eq	version:	1.0.1	Trust: 1.0
vendor:	openldap	model:	openldap	scope:	eq	version:	1.2.1	Trust: 1.0
vendor:	mandrakesoft	model:	mandrake single network firewall	scope:	eq	version:	7.2	Trust: 1.0
vendor:	openldap	model:	openldap	scope:	eq	version:	2.0.2	Trust: 1.0
vendor:	openldap	model:	openldap	scope:	eq	version:	1.2	Trust: 1.0
vendor:	openldap	model:	openldap	scope:	eq	version:	2.0	Trust: 1.0
vendor:	openldap	model:	openldap	scope:	eq	version:	1.2.11	Trust: 1.0
vendor:	mandrakesoft	model:	mandrake linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	conectiva	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	debian	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	mandrakesoft	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	openldap	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	-	scope:	-	version:	-	Trust: 0.8

sources: CERT/CC: VU#935800 // CNNVD: CNNVD-200107-100 // NVD: CVE-2001-0977

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-0977
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#935800
value:	1.77
Trust: 0.8
CNNVD:	CNNVD-200107-100
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-3783
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2001-0977
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-3783
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#935800 // VULHUB: VHN-3783 // CNNVD: CNNVD-200107-100 // NVD: CVE-2001-0977

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0977

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200107-100

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200107-100

EXTERNAL IDS

db:	BID	id:	3049	Trust: 2.5
db:	CERT/CC	id:	VU#935800	Trust: 2.5
db:	OSVDB	id:	1905	Trust: 1.7
db:	NVD	id:	CVE-2001-0977	Trust: 1.7
db:	XF	id:	6904	Trust: 1.4
db:	CNNVD	id:	CNNVD-200107-100	Trust: 0.7
db:	CONECTIVA	id:	CLA-2001:417	Trust: 0.6
db:	REDHAT	id:	RHSA-2001:098	Trust: 0.6
db:	CERT/CC	id:	CA-2001-18	Trust: 0.6
db:	DEBIAN	id:	DSA-068	Trust: 0.6
db:	MANDRAKE	id:	MDKSA-2001:069	Trust: 0.6
db:	VULHUB	id:	VHN-3783	Trust: 0.1

sources: CERT/CC: VU#935800 // VULHUB: VHN-3783 // CNNVD: CNNVD-200107-100 // NVD: CVE-2001-0977

REFERENCES

url:	http://www.securityfocus.com/bid/3049	Trust: 2.5
url:	http://www.cert.org/advisories/ca-2001-18.html	Trust: 1.7
url:	http://www.kb.cert.org/vuls/id/935800	Trust: 1.7
url:	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000417	Trust: 1.7
url:	http://www.debian.org/security/2001/dsa-068	Trust: 1.7
url:	http://www.linux-mandrake.com/en/security/2001/mdksa-2001-069.php3	Trust: 1.7
url:	http://www.osvdb.org/1905	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2001-098.html	Trust: 1.7
url:	http://xforce.iss.net/static/6904.php	Trust: 1.4
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/6904	Trust: 1.1
url:	http://www.openldap.org/	Trust: 0.8
url:	http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/	Trust: 0.8

sources: CERT/CC: VU#935800 // VULHUB: VHN-3783 // CNNVD: CNNVD-200107-100 // NVD: CVE-2001-0977

SOURCES

db:	CERT/CC	id:	VU#935800
db:	VULHUB	id:	VHN-3783
db:	CNNVD	id:	CNNVD-200107-100
db:	NVD	id:	CVE-2001-0977

LAST UPDATE DATE

2024-09-19T00:53:15.808000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#935800	date:	2002-12-12T00:00:00
db:	VULHUB	id:	VHN-3783	date:	2017-10-10T00:00:00
db:	CNNVD	id:	CNNVD-200107-100	date:	2005-05-02T00:00:00
db:	NVD	id:	CVE-2001-0977	date:	2017-10-10T01:29:57.360

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#935800	date:	2001-07-17T00:00:00
db:	VULHUB	id:	VHN-3783	date:	2001-07-16T00:00:00
db:	CNNVD	id:	CNNVD-200107-100	date:	2001-07-16T00:00:00
db:	NVD	id:	CVE-2001-0977	date:	2001-07-16T04:00:00