SERVER-OTHER OpenLDAP BER Message denial of service attempt
The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.
CVE-2015-6908:
CVSS base score 5.0
CVSS impact score 2.9
CVSS exploitability score 10.0
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
CVE-2015-6908: The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.
CVE-2015-6908:
Access Vector NETWORK
Access Complexity LOW
Authentication NONE
None known
None known
Upgrade to the latest non-affected version of the software.
Apply the appropriate vendor supplied patches.