CVE-2013-4449

Publication date 5 February 2014

Last updated 24 July 2024

The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
openldap	15.04 vivid	Fixed 2.4.31-1+nmu2ubuntu12.1
	14.10 utopic	Fixed 2.4.31-1+nmu2ubuntu11.1
	14.04 LTS trusty	Fixed 2.4.31-1+nmu2ubuntu8.1
	13.10 saucy	Ignored end of life
	13.04 raring	Ignored end of life
	12.10 quantal	Ignored end of life
	12.04 LTS precise	Fixed 2.4.28-1.1ubuntu4.5
	10.04 LTS lucid	Ignored end of life

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
openldap	Upstream: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=924389d9dd9dbb6ffe5db6c0fc65ecfe6814a1af

CVE-2013-4449

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references