Vulnerability CVE-2007-4566
Published: 2007-08-27   Modified: 2012-02-12

Description:
Multiple buffer overflows in the login mechanism in sidvault in Alpha Centauri Software SIDVault LDAP Server before 2.0f allow remote attackers to execute arbitrary code via crafted LDAP packets, as demonstrated by a long dc entry in an LDAP bind.

See advisories in our WLB2 database:
Topic
Author
Date
High
SIDVault LDAP Server Remote Buffer Overflow
Joxean Koret
28.08.2007

Type:

CWE-119

 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Alpha centauri software -> Sidvault ldap server 

 References:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065453.html
http://securityreason.com/securityalert/3061
http://www.securityfocus.com/archive/1/477821/100/0/threaded
http://www.securityfocus.com/bid/25460
http://www.securitytracker.com/id?1018612
http://www.vupen.com/english/advisories/2007/2976
https://exchange.xforce.ibmcloud.com/vulnerabilities/36272
Copyright 2024, cxsecurity.com

 

Back to Top