Vulnerability Name:

CVE-2006-6493 (CCN-30991)

Assigned:2006-12-12
Published:2006-12-12
Updated:2011-03-08
Summary:Buffer overflow in the krbv4_ldap_auth function in servers/slapd/kerberos.c in OpenLDAP 2.4.3 and earlier, when OpenLDAP is compiled with the --enable-kbind (Kerberos KBIND) option, allows remote attackers to execute arbitrary code via an LDAP bind request using the LDAP_AUTH_KRBV41 authentication method and long credential data.
Successful exploitation requires that OpenLDAP allows the use of the LDAPv2 protocol and is compiled with the --enable-kbind (Kerberos KBIND) option, which has been disabled by default since version 2.0.2 and was removed from the configure script in the 2.1 release.
CVSS v3 Severity:9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity:5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
4.2 Medium (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
6.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Full-Disclosure Mailing List, Tue Dec 12 2006 - 03:42:47 CST
OpenLDAP kbind authentication buffer overflow

Source: MITRE
Type: CNA
CVE-2006-6493

Source: CCN
Type: SA23334
OpenLDAP "krbv4_ldap_auth()" Buffer Overflow Vulnerability

Source: SECUNIA
Type: UNKNOWN
23334

Source: SREASON
Type: UNKNOWN
2023

Source: CCN
Type: OpenLDAP Web site
OpenLDAP, Download

Source: CCN
Type: OSVDB ID: 31522
OpenLDAP kbind krbv4_ldap_auth() Function Remote Overflow

Source: MISC
Type: Exploit
http://www.phreedom.org/solar/exploits/openldap-kbind

Source: CCN
Type: Solar Eclipse Web site
OpenLDAP kbind authentication remote exploit

Source: BUGTRAQ
Type: Exploit, Vendor Advisory
20061212 OpenLDAP kbind authentication buffer overflow

Source: CCN
Type: BID-21560
OpenLDAP Server Kerberos 4 Bind Request Buffer Overflow Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2006-4964

Source: XF
Type: UNKNOWN
openldap-krbv4ldapauth-bo(30991)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:openldap:openldap:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:1.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:1.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:1.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:1.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:1.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:1.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:1.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:1.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:1.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:1.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:1.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:1.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:1.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:1.2.10:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:1.2.11:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:1.2.12:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:1.2.13:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.11_9:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.11_11:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.11_11s:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.14:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.15:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.16:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.17:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.18:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.19:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.20:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.21:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.22:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.23:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.24:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.25:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.26:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.27:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.8:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.9:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.10:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.11:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.12:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.13:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.14:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.15:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.16:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.17:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.18:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.19:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.20:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.21:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.22:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.23:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.24:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.25:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.26:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.27:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.28:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.29:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.30:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1_.20:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.10:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.11:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.12:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.13:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.14:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.15:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.16:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.17:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.18:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.19:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.20:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.21:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.22:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.23:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.24:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.25:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.26:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.27:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.28_r2:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.3.27_2_2006-10-18:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.3.28_2_2006-10-22:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.3.28_2006-10-22:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.3.28_e1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:*:*:*:*:*:*:*:* (Version <= 2.4.3)
