{"vuid":"VU#652196","idnumber":"652196","name":"Apple Mac OS X Open Directory server vulnerable to DoS via an invalid LDAP request","keywords":["Apple","Mac","OS X","Open Directory server","DoS","denial of service","LDAP request","OpenLDAP"],"overview":"Apple has reported a vulnerability in its version of OpenLDAP that is included in Apple Mac OS X and Mac OS X Server versions 10.4 to 10.4.6. If successfully exploited, this vulnerability would allow an attacker to create a denial-of-service condition.","clean_desc":"OpenLDAP is a popular open-source implementation of the Lightweight Directory Access Protocol (LDAP). The software allows LDAP-aware programs on a network to get information from a server. Apple uses OpenLDAP as a part of their Open Directory product. Apple reports that there is an assertion error in their implementation of OpenLDAP. An attacker may be able to exploit this vulnerability by sending a specially crafted invalid LDAP request to the server which triggers the assertion. The result of a successful attack would be a denial-of-service condition. Only network access to the server is required to exploit this vulnerability.","impact":"A remote, unauthenticated attacker may be able to create a denial-of-service condition.","resolution":"Upgrade Apply the upgrade provided by Apple. Refer to the Apple security updates in Mac OS X version 10.4.7 for more information.","workarounds":"Restrict Access Restrict access to servers running affected versions of the software to trusted hosts or networks. Apple lists the LDAP ports used by their products as 389/tcp and 389/udp.","sysaffected":"","thanks":"Thanks to Apple Product Security for reporting this vulnerability. Apple, in turn, credits the Mu Security research team with reporting this issue to them.","author":"This document was written by Ryan Giobbi.","public":["http://lists.apple.com/archives/security-announce/2006/Jun/msg00000.html","http://www.apple.com/server/macosx/features/opendirectory.html","http://docs.info.apple.com/article.html?artnum=106439"],"cveids":["CVE-2006-1470"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-06-28T12:19:35Z","publicdate":"2006-06-27T00:00:00Z","datefirstpublished":"2006-06-28T20:17:50Z","dateupdated":"2006-06-29T18:42:29Z","revision":23,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"1","cam_internetinfrastructure":"4","cam_population":"2","cam_impact":"6","cam_easeofexploitation":"4","cam_attackeraccessrequired":"12","cam_scorecurrent":"0.216","cam_scorecurrentwidelyknown":"0.27","cam_scorecurrentwidelyknownexploited":"0.4752","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.216,"vulnote":null}