5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
4.5 Medium
AI Score
Confidence
High
0.947 High
EPSS
Percentile
99.3%
Package : openldap
Version : 2.4.23-7.3+deb6u2
CVE ID : CVE-2015-6908
Debian Bug : 798622
Denis Andzakovic discovered that OpenLDAP, a free implementation of the
Lightweight Directory Access Protocol, does not properly handle BER
data. An unauthenticated remote attacker can use this flaw to cause a
denial of service (slapd daemon crash) via a specially crafted packet.
The Squeeze-LTS package has been prepared by Ryan Tandy.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 7 | s390x | libldap-2.4-2 | < 2.4.31-2+deb7u1 | libldap-2.4-2_2.4.31-2+deb7u1_s390x.deb |
Debian | 7 | amd64 | ldap-utils | < 2.4.31-2+deb7u1 | ldap-utils_2.4.31-2+deb7u1_amd64.deb |
Debian | 8 | arm64 | libldap-2.4-2 | < 2.4.40+dfsg-1+deb8u1 | libldap-2.4-2_2.4.40+dfsg-1+deb8u1_arm64.deb |
Debian | 8 | kfreebsd-i386 | libldap-2.4-2-dbg | < 2.4.40+dfsg-1+deb8u1 | libldap-2.4-2-dbg_2.4.40+dfsg-1+deb8u1_kfreebsd-i386.deb |
Debian | 6 | i386 | ldap-utils | < 2.4.23-7.3+deb6u2 | ldap-utils_2.4.23-7.3+deb6u2_i386.deb |
Debian | 6 | amd64 | slapd-smbk5pwd | < 2.4.23-7.3+deb6u2 | slapd-smbk5pwd_2.4.23-7.3+deb6u2_amd64.deb |
Debian | 7 | armel | slapd | < 2.4.31-2+deb7u1 | slapd_2.4.31-2+deb7u1_armel.deb |
Debian | 7 | s390x | libldap2-dev | < 2.4.31-2+deb7u1 | libldap2-dev_2.4.31-2+deb7u1_s390x.deb |
Debian | 8 | mips | ldap-utils | < 2.4.40+dfsg-1+deb8u1 | ldap-utils_2.4.40+dfsg-1+deb8u1_mips.deb |
Debian | 8 | powerpc | libldap-2.4-2-dbg | < 2.4.40+dfsg-1+deb8u1 | libldap-2.4-2-dbg_2.4.40+dfsg-1+deb8u1_powerpc.deb |