Re: Security alerts on OpenLDAP (CVE-2015-1545 / CVE-2015-1546)

23 Feb 2015

      Clément OUDOT wrote:
...
Hi,
I saw today two CVE on OpenLDAP:

http://vigilance.fr/vulnerability/OpenLDAP-NULL-pointer-dereference-via-dere...
http://vigilance.fr/vulnerability/OpenLDAP-use-after-free-via-Matched-Values...

Don't know if they are reported in some ITS.
That's because you're reading 2nd or 3rd-hand reports. Read the actual CVEs and you'll see that relevant ITSs already linked.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1545
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1546
Given that the deref overlay isn't even documented and is probably used by only a handful of OpenLDAP developers I don't believe it even merited a CVE record.
-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

Re: Security alerts on OpenLDAP (CVE-2015-1545 / CVE-2015-1546)