NVD Vulnerability Detail

CVE-2007-5707

Summary	OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service (slapd crash) via an LDAP request with a malformed objectClasses attribute. NOTE: this has been reported as a double free, but the reports are inconsistent.
Publication Date	Oct. 31, 2007, 4:46 a.m.
Registration Date	Jan. 29, 2021, 2:22 p.m.
Last Update	Nov. 7, 2023, 11:01 a.m.

CVSS2.0 : HIGH
Score	7.1
Vector	AV:N/AC:M/Au:N/C:N/I:N/A:C
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	高
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:openldap:openldap:2.0.2:::::::*
cpe:2.3:a:openldap:openldap:2.0.11_11:::::::*
cpe:2.3:a:openldap:openldap:2.1.15:::::::*
cpe:2.3:a:openldap:openldap:2.1.10:::::::*
cpe:2.3:a:openldap:openldap:2.3.28_2.20061022:::::::*
cpe:2.3:a:openldap:openldap:2.2.4:::::::*
cpe:2.3:a:openldap:openldap:2.2.22:::::::*
cpe:2.3:a:openldap:openldap:2.1.29:::::::*
cpe:2.3:a:openldap:openldap:2.2.18:::::::*
cpe:2.3:a:openldap:openldap:2.1.9:::::::*
cpe:2.3:a:openldap:openldap:1.2.6:::::::*
cpe:2.3:a:openldap:openldap:1.1.2:::::::*
cpe:2.3:a:openldap:openldap:2.0.22:::::::*
cpe:2.3:a:openldap:openldap:2.0.9:::::::*
cpe:2.3:a:openldap:openldap:2.2.0:::::::*
cpe:2.3:a:openldap:openldap:2.1.19:::::::*
cpe:2.3:a:openldap:openldap:1.0:::::::*
cpe:2.3:a:openldap:openldap:2.2.29_rev_1.134:::::::*
cpe:2.3:a:openldap:openldap:1.2.7:::::::*
cpe:2.3:a:openldap:openldap:2.2.12:::::::*
cpe:2.3:a:openldap:openldap:2.2.20:::::::*
cpe:2.3:a:openldap:openldap:2.0.15:::::::*
cpe:2.3:a:openldap:openldap:2.2.13:::::::*
cpe:2.3:a:openldap:openldap:2.1.30:::::::*
cpe:2.3:a:openldap:openldap:2.0.26:::::::*
cpe:2.3:a:openldap:openldap:2.1.5:::::::*
cpe:2.3:a:openldap:openldap:2.1.14:::::::*
cpe:2.3:a:openldap:openldap:2.1.21:::::::*
cpe:2.3:a:openldap:openldap:1.0.2:::::::*
cpe:2.3:a:openldap:openldap:2.1.24:::::::*
cpe:2.3:a:openldap:openldap:2.1.20:::::::*
cpe:2.3:a:openldap:openldap:2.0.14:::::::*
cpe:2.3:a:openldap:openldap:2.0.7:::::::*
cpe:2.3:a:openldap:openldap:1.2.11:::::::*
cpe:2.3:a:openldap:openldap:1.1.0:::::::*
cpe:2.3:a:openldap:openldap:2.0.13:::::::*
cpe:2.3:a:openldap:openldap:2.0.27:::::::*
cpe:2.3:a:openldap:openldap:2.0.11_9:::::::*
cpe:2.3:a:openldap:openldap:2.2.9:::::::*
cpe:2.3:a:openldap:openldap:2.1.26:::::::*
cpe:2.3:a:openldap:openldap:2.2.27:::::::*
cpe:2.3:a:openldap:openldap:2.3.27_2.20061018:::::::*
cpe:2.3:a:openldap:openldap:2.1.17:::::::*
cpe:2.3:a:openldap:openldap:2.1.2:::::::*
cpe:2.3:a:openldap:openldap:2.2.14:::::::*
cpe:2.3:a:openldap:openldap:2.1.6:::::::*
cpe:2.3:a:openldap:openldap:2.0.3:::::::*
cpe:2.3:a:openldap:openldap:2.2.10:::::::*
cpe:2.3:a:openldap:openldap:2.2.7:::::::*
cpe:2.3:a:openldap:openldap:1.2.12:::::::*
cpe:2.3:a:openldap:openldap:2.0.25:::::::*
cpe:2.3:a:openldap:openldap:2.1.12:::::::*
cpe:2.3:a:openldap:openldap:2.0.12:::::::*
cpe:2.3:a:openldap:openldap:2.1_.20:::::::*
cpe:2.3:a:openldap:openldap:2.2.24:::::::*
cpe:2.3:a:openldap:openldap:1.2.1:::::::*
cpe:2.3:a:openldap:openldap:1.1.4:::::::*
cpe:2.3:a:openldap:openldap:1.1:::::::*
cpe:2.3:a:openldap:openldap:1.2.10:::::::*
cpe:2.3:a:openldap:openldap:2.0.24:::::::*
cpe:2.3:a:openldap:openldap:1.1.1:::::::*
cpe:2.3:a:openldap:openldap:2.0.20:::::::*
cpe:2.3:a:openldap:openldap:1.2.2:::::::*
cpe:2.3:a:openldap:openldap:2.3.28_e1.0.0:::::::*
cpe:2.3:a:openldap:openldap:1.0.1:::::::*
cpe:2.3:a:openldap:openldap:1.2.4:::::::*
cpe:2.3:a:openldap:openldap:2.0.4:::::::*
cpe:2.3:a:openldap:openldap:2.0.16:::::::*
cpe:2.3:a:openldap:openldap:2.2.5:::::::*
cpe:2.3:a:openldap:openldap:2.2.6:::::::*
cpe:2.3:a:openldap:openldap:2.1.25:::::::*
cpe:2.3:a:openldap:openldap:1.2.8:::::::*
cpe:2.3:a:openldap:openldap:2.1.27:::::::*
cpe:2.3:a:openldap:openldap:2.0.11_11s:::::::*
cpe:2.3:a:openldap:openldap:1.2.9:::::::*
cpe:2.3:a:openldap:openldap:2.0.19:::::::*
cpe:2.3:a:openldap:openldap:2.2.21:::::::*
cpe:2.3:a:openldap:openldap:2.1.8:::::::*
cpe:2.3:a:openldap:openldap:2.2.28_r2:::::::*
cpe:2.3:a:openldap:openldap:2.2.1:::::::*
cpe:2.3:a:openldap:openldap:1.2.13:::::::*
cpe:2.3:a:openldap:openldap:2.0.10:::::::*
cpe:2.3:a:openldap:openldap:2.1.7:::::::*
cpe:2.3:a:openldap:openldap:2.0.1:::::::*
cpe:2.3:a:openldap:openldap:2.2.15:::::::*
cpe:2.3:a:openldap:openldap:2.0:::::::*
cpe:2.3:a:openldap:openldap:2.0.23:::::::*
cpe:2.3:a:openldap:openldap:1.2.5:::::::*
cpe:2.3:a:openldap:openldap:2.2.11:::::::*
cpe:2.3:a:openldap:openldap:1.0.3:::::::*
cpe:2.3:a:openldap:openldap:2.2.17:::::::*
cpe:2.3:a:openldap:openldap:2.1.3:::::::*
cpe:2.3:a:openldap:openldap:2.3.28_20061022:::::::*
cpe:2.3:a:openldap:openldap:2.2.23:::::::*
cpe:2.3:a:openldap:openldap:2.1.11:::::::*
cpe:2.3:a:openldap:openldap:2.0.8:::::::*
cpe:2.3:a:openldap:openldap:2.1.13:::::::*
cpe:2.3:a:openldap:openldap:2.2.25:::::::*
cpe:2.3:a:openldap:openldap:2.1.23:::::::*
cpe:2.3:a:openldap:openldap:2.0.18:::::::*
cpe:2.3:a:openldap:openldap:1.2:::::::*
cpe:2.3:a:openldap:openldap:2.1.16:::::::*
cpe:2.3:a:openldap:openldap:2.1.28:::::::*
cpe:2.3:a:openldap:openldap:2.1.22:::::::*
cpe:2.3:a:openldap:openldap:2.0.5:::::::*
cpe:2.3:a:openldap:openldap:2.2.8:::::::*
cpe:2.3:a:openldap:openldap:1.1.3:::::::*
cpe:2.3:a:openldap:openldap:2.0.11:::::::*
cpe:2.3:a:openldap:openldap:2.2.26:::::::*
cpe:2.3:a:openldap:openldap:2.0.6:::::::*
cpe:2.3:a:openldap:openldap:2.0.17:::::::*
cpe:2.3:a:openldap:openldap:2.2.19:::::::*
cpe:2.3:a:openldap:openldap:2.1.4:::::::*
cpe:2.3:a:openldap:openldap:1.2.3:::::::*
cpe:2.3:a:openldap:openldap:2.1.18:::::::*
cpe:2.3:a:openldap:openldap:2.2.16:::::::*
cpe:2.3:a:openldap:openldap:2.0.0:::::::*
cpe:2.3:a:openldap:openldap:2.0.21:::::::*
cpe:2.3:a:openldap:openldap:1.2.0:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5119	MISC
2	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440632	CONFIRM
3	http://www.openldap.org/lists/openldap-announce/200710/msg00001.html	MLIST	Patch
4	http://secunia.com/advisories/27424	SECUNIA	Patch Vendor Advisory
5	http://www.redhat.com/archives/fedora-package-announce/2007-November/msg00460.html	FEDORA
6	http://www.mandriva.com/security/advisories?name=MDKSA-2007:215	MANDRIVA
7	http://www.redhat.com/support/errata/RHSA-2007-1037.html	REDHAT
8	http://www.redhat.com/support/errata/RHSA-2007-1038.html	REDHAT
9	http://www.novell.com/linux/security/advisories/2007_24_sr.html	SUSE
10	http://www.ubuntu.com/usn/usn-551-1	UBUNTU
11	http://www.securitytracker.com/id?1018924	SECTRACK
12	http://secunia.com/advisories/27587	SECUNIA	Vendor Advisory
13	http://secunia.com/advisories/27596	SECUNIA	Vendor Advisory
14	http://secunia.com/advisories/27683	SECUNIA	Vendor Advisory
15	http://secunia.com/advisories/27868	SECUNIA	Vendor Advisory
16	http://secunia.com/advisories/27756	SECUNIA	Vendor Advisory
17	http://security.gentoo.org/glsa/glsa-200803-28.xml	GENTOO
18	http://secunia.com/advisories/29461	SECUNIA	Vendor Advisory
19	http://www.debian.org/security/2008/dsa-1541	DEBIAN
20	http://secunia.com/advisories/29682	SECUNIA	Vendor Advisory
21	http://www.securityfocus.com/bid/26245	BID
22	http://support.apple.com/kb/HT3937	CONFIRM
23	http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html	APPLE
24	http://www.vupen.com/english/advisories/2009/3184	VUPEN	Vendor Advisory
25	http://www.vupen.com/english/advisories/2007/3645	VUPEN	Vendor Advisory
26	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10183	OVAL

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-399	リソース管理の問題	https://cwe.mitre.org/data/definitions/399.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:openldap:openldap:2.0.2:::::::*
cpe:2.3:a:openldap:openldap:2.0.11_11:::::::*
cpe:2.3:a:openldap:openldap:2.1.15:::::::*
cpe:2.3:a:openldap:openldap:2.1.10:::::::*
cpe:2.3:a:openldap:openldap:2.3.28_2.20061022:::::::*
cpe:2.3:a:openldap:openldap:2.2.4:::::::*
cpe:2.3:a:openldap:openldap:2.2.22:::::::*
cpe:2.3:a:openldap:openldap:2.1.29:::::::*
cpe:2.3:a:openldap:openldap:2.2.18:::::::*
cpe:2.3:a:openldap:openldap:2.1.9:::::::*
cpe:2.3:a:openldap:openldap:1.2.6:::::::*
cpe:2.3:a:openldap:openldap:1.1.2:::::::*
cpe:2.3:a:openldap:openldap:2.0.22:::::::*
cpe:2.3:a:openldap:openldap:2.0.9:::::::*
cpe:2.3:a:openldap:openldap:2.2.0:::::::*
cpe:2.3:a:openldap:openldap:2.1.19:::::::*
cpe:2.3:a:openldap:openldap:1.0:::::::*
cpe:2.3:a:openldap:openldap:2.2.29_rev_1.134:::::::*
cpe:2.3:a:openldap:openldap:1.2.7:::::::*
cpe:2.3:a:openldap:openldap:2.2.12:::::::*
cpe:2.3:a:openldap:openldap:2.2.20:::::::*
cpe:2.3:a:openldap:openldap:2.0.15:::::::*
cpe:2.3:a:openldap:openldap:2.2.13:::::::*
cpe:2.3:a:openldap:openldap:2.1.30:::::::*
cpe:2.3:a:openldap:openldap:2.0.26:::::::*
cpe:2.3:a:openldap:openldap:2.1.5:::::::*
cpe:2.3:a:openldap:openldap:2.1.14:::::::*
cpe:2.3:a:openldap:openldap:2.1.21:::::::*
cpe:2.3:a:openldap:openldap:1.0.2:::::::*
cpe:2.3:a:openldap:openldap:2.1.24:::::::*
cpe:2.3:a:openldap:openldap:2.1.20:::::::*
cpe:2.3:a:openldap:openldap:2.0.14:::::::*
cpe:2.3:a:openldap:openldap:2.0.7:::::::*
cpe:2.3:a:openldap:openldap:1.2.11:::::::*
cpe:2.3:a:openldap:openldap:1.1.0:::::::*
cpe:2.3:a:openldap:openldap:2.0.13:::::::*
cpe:2.3:a:openldap:openldap:2.0.27:::::::*
cpe:2.3:a:openldap:openldap:2.0.11_9:::::::*
cpe:2.3:a:openldap:openldap:2.2.9:::::::*
cpe:2.3:a:openldap:openldap:2.1.26:::::::*
cpe:2.3:a:openldap:openldap:2.2.27:::::::*
cpe:2.3:a:openldap:openldap:2.3.27_2.20061018:::::::*
cpe:2.3:a:openldap:openldap:2.1.17:::::::*
cpe:2.3:a:openldap:openldap:2.1.2:::::::*
cpe:2.3:a:openldap:openldap:2.2.14:::::::*
cpe:2.3:a:openldap:openldap:2.1.6:::::::*
cpe:2.3:a:openldap:openldap:2.0.3:::::::*
cpe:2.3:a:openldap:openldap:2.2.10:::::::*
cpe:2.3:a:openldap:openldap:2.2.7:::::::*
cpe:2.3:a:openldap:openldap:1.2.12:::::::*
cpe:2.3:a:openldap:openldap:2.0.25:::::::*
cpe:2.3:a:openldap:openldap:2.1.12:::::::*
cpe:2.3:a:openldap:openldap:2.0.12:::::::*
cpe:2.3:a:openldap:openldap:2.1_.20:::::::*
cpe:2.3:a:openldap:openldap:2.2.24:::::::*
cpe:2.3:a:openldap:openldap:1.2.1:::::::*
cpe:2.3:a:openldap:openldap:1.1.4:::::::*
cpe:2.3:a:openldap:openldap:1.1:::::::*
cpe:2.3:a:openldap:openldap:1.2.10:::::::*
cpe:2.3:a:openldap:openldap:2.0.24:::::::*
cpe:2.3:a:openldap:openldap:1.1.1:::::::*
cpe:2.3:a:openldap:openldap:2.0.20:::::::*
cpe:2.3:a:openldap:openldap:1.2.2:::::::*
cpe:2.3:a:openldap:openldap:2.3.28_e1.0.0:::::::*
cpe:2.3:a:openldap:openldap:1.0.1:::::::*
cpe:2.3:a:openldap:openldap:1.2.4:::::::*
cpe:2.3:a:openldap:openldap:2.0.4:::::::*
cpe:2.3:a:openldap:openldap:2.0.16:::::::*
cpe:2.3:a:openldap:openldap:2.2.5:::::::*
cpe:2.3:a:openldap:openldap:2.2.6:::::::*
cpe:2.3:a:openldap:openldap:2.1.25:::::::*
cpe:2.3:a:openldap:openldap:1.2.8:::::::*
cpe:2.3:a:openldap:openldap:2.1.27:::::::*
cpe:2.3:a:openldap:openldap:2.0.11_11s:::::::*
cpe:2.3:a:openldap:openldap:1.2.9:::::::*
cpe:2.3:a:openldap:openldap:2.0.19:::::::*
cpe:2.3:a:openldap:openldap:2.2.21:::::::*
cpe:2.3:a:openldap:openldap:2.1.8:::::::*
cpe:2.3:a:openldap:openldap:2.2.28_r2:::::::*
cpe:2.3:a:openldap:openldap:2.2.1:::::::*
cpe:2.3:a:openldap:openldap:1.2.13:::::::*
cpe:2.3:a:openldap:openldap:2.0.10:::::::*
cpe:2.3:a:openldap:openldap:2.1.7:::::::*
cpe:2.3:a:openldap:openldap:2.0.1:::::::*
cpe:2.3:a:openldap:openldap:2.2.15:::::::*
cpe:2.3:a:openldap:openldap:2.0:::::::*
cpe:2.3:a:openldap:openldap:2.0.23:::::::*
cpe:2.3:a:openldap:openldap:1.2.5:::::::*
cpe:2.3:a:openldap:openldap:2.2.11:::::::*
cpe:2.3:a:openldap:openldap:1.0.3:::::::*
cpe:2.3:a:openldap:openldap:2.2.17:::::::*
cpe:2.3:a:openldap:openldap:2.1.3:::::::*
cpe:2.3:a:openldap:openldap:2.3.28_20061022:::::::*
cpe:2.3:a:openldap:openldap:2.2.23:::::::*
cpe:2.3:a:openldap:openldap:2.1.11:::::::*
cpe:2.3:a:openldap:openldap:2.0.8:::::::*
cpe:2.3:a:openldap:openldap:2.1.13:::::::*
cpe:2.3:a:openldap:openldap:2.2.25:::::::*
cpe:2.3:a:openldap:openldap:2.1.23:::::::*
cpe:2.3:a:openldap:openldap:2.0.18:::::::*
cpe:2.3:a:openldap:openldap:1.2:::::::*
cpe:2.3:a:openldap:openldap:2.1.16:::::::*
cpe:2.3:a:openldap:openldap:2.1.28:::::::*
cpe:2.3:a:openldap:openldap:2.1.22:::::::*
cpe:2.3:a:openldap:openldap:2.0.5:::::::*
cpe:2.3:a:openldap:openldap:2.2.8:::::::*
cpe:2.3:a:openldap:openldap:1.1.3:::::::*
cpe:2.3:a:openldap:openldap:2.0.11:::::::*
cpe:2.3:a:openldap:openldap:2.2.26:::::::*
cpe:2.3:a:openldap:openldap:2.0.6:::::::*
cpe:2.3:a:openldap:openldap:2.0.17:::::::*
cpe:2.3:a:openldap:openldap:2.2.19:::::::*
cpe:2.3:a:openldap:openldap:2.1.4:::::::*
cpe:2.3:a:openldap:openldap:1.2.3:::::::*
cpe:2.3:a:openldap:openldap:2.1.18:::::::*
cpe:2.3:a:openldap:openldap:2.2.16:::::::*
cpe:2.3:a:openldap:openldap:2.0.0:::::::*
cpe:2.3:a:openldap:openldap:2.0.21:::::::*
cpe:2.3:a:openldap:openldap:1.2.0:::::::*