ID

VAR-200107-0035


CVE

CVE-2001-0977


TITLE

Multiple versions of OpenLDAP are vulnerable to denial-of-service attacks

Trust: 0.8

sources: CERT/CC: VU#935800

DESCRIPTION

slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field. Multiple versions of OpenLDAP contain vulnerabilities that may allow denial-of-service attacks. These vulnerabilities were revealed using the PROTOS LDAPv3 test suite and are documented in CERT Advisory CA-2001-18. If your site uses this product, the CERT/CC encourages you to follow the advice provided below. Vulnerabilities exist in slapd in OpenLDAP 1.x versions prior to 1.2.12 and 2.x versions prior to 2.0.8

Trust: 1.71

sources: NVD: CVE-2001-0977 // CERT/CC: VU#935800 // VULHUB: VHN-3783

AFFECTED PRODUCTS

vendor:openldapmodel:openldapscope:eqversion:1.0.2

Trust: 1.6

vendor:redhatmodel:linuxscope:eqversion:6.2

Trust: 1.0

vendor:mandrakesoftmodel:mandrake linuxscope:eqversion:7.2

Trust: 1.0

vendor:openldapmodel:openldapscope:eqversion:1.2.10

Trust: 1.0

vendor:openldapmodel:openldapscope:eqversion:2.0.7

Trust: 1.0

vendor:openldapmodel:openldapscope:eqversion:1.2.1

Trust: 1.0

vendor:openldapmodel:openldapscope:eqversion:1.1

Trust: 1.0

vendor:openldapmodel:openldapscope:eqversion:1.2.12

Trust: 1.0

vendor:openldapmodel:openldapscope:eqversion:2.0.4

Trust: 1.0

vendor:openldapmodel:openldapscope:eqversion:2.0

Trust: 1.0

vendor:openldapmodel:openldapscope:eqversion:2.0.5

Trust: 1.0

vendor:openldapmodel:openldapscope:eqversion:2.0.6

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:2.2

Trust: 1.0

vendor:openldapmodel:openldapscope:eqversion:2.0.2

Trust: 1.0

vendor:openldapmodel:openldapscope:eqversion:1.2.8

Trust: 1.0

vendor:openldapmodel:openldapscope:eqversion:1.2.6

Trust: 1.0

vendor:openldapmodel:openldapscope:eqversion:1.2.9

Trust: 1.0

vendor:openldapmodel:openldapscope:eqversion:1.2.7

Trust: 1.0

vendor:openldapmodel:openldapscope:eqversion:1.0

Trust: 1.0

vendor:openldapmodel:openldapscope:eqversion:1.2

Trust: 1.0

vendor:openldapmodel:openldapscope:eqversion:1.1.4

Trust: 1.0

vendor:redhatmodel:linuxscope:eqversion:7.0

Trust: 1.0

vendor:mandrakesoftmodel:mandrake linuxscope:eqversion:8.0

Trust: 1.0

vendor:openldapmodel:openldapscope:eqversion:1.2.11

Trust: 1.0

vendor:openldapmodel:openldapscope:eqversion:1.2.3

Trust: 1.0

vendor:openldapmodel:openldapscope:eqversion:1.2.5

Trust: 1.0

vendor:mandrakesoftmodel:mandrake linux corporate serverscope:eqversion:1.0.1

Trust: 1.0

vendor:mandrakesoftmodel:mandrake linuxscope:eqversion:7.1

Trust: 1.0

vendor:openldapmodel:openldapscope:eqversion:1.0.1

Trust: 1.0

vendor:openldapmodel:openldapscope:eqversion:2.0.3

Trust: 1.0

vendor:openldapmodel:openldapscope:eqversion:2.0.1

Trust: 1.0

vendor:openldapmodel:openldapscope:eqversion:1.1.2

Trust: 1.0

vendor:openldapmodel:openldapscope:eqversion:1.2.2

Trust: 1.0

vendor:redhatmodel:linuxscope:eqversion:7.1

Trust: 1.0

vendor:openldapmodel:openldapscope:eqversion:1.0.3

Trust: 1.0

vendor:openldapmodel:openldapscope:eqversion:1.2.4

Trust: 1.0

vendor:openldapmodel:openldapscope:eqversion:1.1.1

Trust: 1.0

vendor:mandrakesoftmodel:mandrake single network firewallscope:eqversion:7.2

Trust: 1.0

vendor:openldapmodel:openldapscope:eqversion:1.1.3

Trust: 1.0

vendor:conectivamodel: - scope: - version: -

Trust: 0.8

vendor:debianmodel: - scope: - version: -

Trust: 0.8

vendor:mandrakesoftmodel: - scope: - version: -

Trust: 0.8

vendor:openldapmodel: - scope: - version: -

Trust: 0.8

vendor:red hatmodel: - scope: - version: -

Trust: 0.8

sources: CERT/CC: VU#935800 // CNNVD: CNNVD-200107-100 // NVD: CVE-2001-0977

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2001-0977
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#935800
value: 1.77

Trust: 0.8

CNNVD: CNNVD-200107-100
value: MEDIUM

Trust: 0.6

VULHUB: VHN-3783
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2001-0977
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-3783
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#935800 // VULHUB: VHN-3783 // CNNVD: CNNVD-200107-100 // NVD: CVE-2001-0977

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0977

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200107-100

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200107-100

EXTERNAL IDS

db:BIDid:3049

Trust: 2.5

db:CERT/CCid:VU#935800

Trust: 2.5

db:OSVDBid:1905

Trust: 1.7

db:NVDid:CVE-2001-0977

Trust: 1.7

db:XFid:6904

Trust: 1.4

db:CNNVDid:CNNVD-200107-100

Trust: 0.7

db:CONECTIVAid:CLA-2001:417

Trust: 0.6

db:REDHATid:RHSA-2001:098

Trust: 0.6

db:CERT/CCid:CA-2001-18

Trust: 0.6

db:DEBIANid:DSA-068

Trust: 0.6

db:MANDRAKEid:MDKSA-2001:069

Trust: 0.6

db:VULHUBid:VHN-3783

Trust: 0.1

sources: CERT/CC: VU#935800 // VULHUB: VHN-3783 // CNNVD: CNNVD-200107-100 // NVD: CVE-2001-0977

REFERENCES

url:http://www.securityfocus.com/bid/3049

Trust: 3.5

url:http://www.cert.org/advisories/ca-2001-18.html

Trust: 2.7

url:http://www.kb.cert.org/vuls/id/935800

Trust: 2.7

url:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000417

Trust: 2.7

url:http://www.debian.org/security/2001/dsa-068

Trust: 2.7

url:http://www.linux-mandrake.com/en/security/2001/mdksa-2001-069.php3

Trust: 2.7

url:http://www.osvdb.org/1905

Trust: 2.7

url:http://www.redhat.com/support/errata/rhsa-2001-098.html

Trust: 2.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/6904

Trust: 2.1

url:http://xforce.iss.net/static/6904.php

Trust: 1.4

url:http://www.openldap.org/

Trust: 0.8

url:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/

Trust: 0.8

sources: CERT/CC: VU#935800 // VULHUB: VHN-3783 // CNNVD: CNNVD-200107-100 // NVD: CVE-2001-0977

SOURCES

db:CERT/CCid:VU#935800
db:VULHUBid:VHN-3783
db:CNNVDid:CNNVD-200107-100
db:NVDid:CVE-2001-0977

LAST UPDATE DATE

2024-12-21T23:01:30.535000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#935800date:2002-12-12T00:00:00
db:VULHUBid:VHN-3783date:2017-10-10T00:00:00
db:CNNVDid:CNNVD-200107-100date:2005-05-02T00:00:00
db:NVDid:CVE-2001-0977date:2024-11-20T23:36:34.800

SOURCES RELEASE DATE

db:CERT/CCid:VU#935800date:2001-07-17T00:00:00
db:VULHUBid:VHN-3783date:2001-07-16T00:00:00
db:CNNVDid:CNNVD-200107-100date:2001-07-16T00:00:00
db:NVDid:CVE-2001-0977date:2001-07-16T04:00:00