CVE-2013-4449 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2013-4449 Interim 1 47 2023-01-17T03:02:23Z current 2021-05-30T13:14:24Z 2023-01-17T03:02:23Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2013-4449 The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2015-May/001389.html E-Mail link for SUSE-SU-2015:0887-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Server 11 SP1 for Teradata SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server 11 SP4-LTSS SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Server for SAP Applications 12 SP5 compat-libldap-2_3-0 compat-libldap-2_3-0-2.3.37-2.17.18.1 compat-libldap-2_3-0-2.3.37-2.30.1 libldap-2_4-2 libldap-2_4-2-2.4.26-0.17.18.1 libldap-2_4-2-2.4.26-0.30.1 libldap-2_4-2-32bit libldap-2_4-2-32bit-2.4.26-0.17.18.1 libldap-2_4-2-32bit-2.4.26-0.30.1 libldap-2_4-2-x86-2.4.26-0.30.1 libldap-openssl1-2_4-2-2.4.26-0.30.2 libldap-openssl1-2_4-2-32bit-2.4.26-0.30.2 libldap-openssl1-2_4-2-x86-2.4.26-0.30.2 openldap2 openldap2-2.4.26-0.17.18.1 openldap2-2.4.26-0.30.1 openldap2-back-meta openldap2-back-meta-2.4.26-0.17.18.1 openldap2-back-meta-2.4.26-0.30.1 openldap2-back-perl openldap2-back-perl-2.4.26-0.30.1 openldap2-client openldap2-client-2.4.26-0.17.18.1 openldap2-client-2.4.26-0.30.1 openldap2-devel-2.4.26-0.30.1 openldap2-devel-32bit-2.4.26-0.30.1 openldap2-doc openldap2-ppolicy-check-password libldap-2_4-2-2.4.26-0.30.1 as a component of SUSE Linux Enterprise Desktop 11 SP3 libldap-2_4-2-32bit-2.4.26-0.30.1 as a component of SUSE Linux Enterprise Desktop 11 SP3 openldap2-client-2.4.26-0.30.1 as a component of SUSE Linux Enterprise Desktop 11 SP3 compat-libldap-2_3-0-2.3.37-2.17.18.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA libldap-2_4-2-2.4.26-0.17.18.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA libldap-2_4-2-32bit-2.4.26-0.17.18.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA openldap2-2.4.26-0.17.18.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA openldap2-back-meta-2.4.26-0.17.18.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA openldap2-client-2.4.26-0.17.18.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA compat-libldap-2_3-0-2.3.37-2.30.1 as a component of SUSE Linux Enterprise Server 11 SP3 libldap-2_4-2-2.4.26-0.30.1 as a component of SUSE Linux Enterprise Server 11 SP3 libldap-2_4-2-32bit-2.4.26-0.30.1 as a component of SUSE Linux Enterprise Server 11 SP3 libldap-2_4-2-x86-2.4.26-0.30.1 as a component of SUSE Linux Enterprise Server 11 SP3 openldap2-2.4.26-0.30.1 as a component of SUSE Linux Enterprise Server 11 SP3 openldap2-back-meta-2.4.26-0.30.1 as a component of SUSE Linux Enterprise Server 11 SP3 openldap2-client-2.4.26-0.30.1 as a component of SUSE Linux Enterprise Server 11 SP3 compat-libldap-2_3-0-2.3.37-2.30.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA libldap-2_4-2-2.4.26-0.30.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA libldap-2_4-2-32bit-2.4.26-0.30.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA openldap2-2.4.26-0.30.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA openldap2-back-meta-2.4.26-0.30.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA openldap2-client-2.4.26-0.30.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA compat-libldap-2_3-0-2.3.37-2.30.1 as a component of SUSE Linux Enterprise Server 11 SP4 libldap-2_4-2-2.4.26-0.30.1 as a component of SUSE Linux Enterprise Server 11 SP4 libldap-2_4-2-32bit-2.4.26-0.30.1 as a component of SUSE Linux Enterprise Server 11 SP4 libldap-2_4-2-x86-2.4.26-0.30.1 as a component of SUSE Linux Enterprise Server 11 SP4 openldap2-2.4.26-0.30.1 as a component of SUSE Linux Enterprise Server 11 SP4 openldap2-back-meta-2.4.26-0.30.1 as a component of SUSE Linux Enterprise Server 11 SP4 openldap2-client-2.4.26-0.30.1 as a component of SUSE Linux Enterprise Server 11 SP4 libldap-openssl1-2_4-2-2.4.26-0.30.2 as a component of SUSE Linux Enterprise Server 11-SECURITY libldap-openssl1-2_4-2-32bit-2.4.26-0.30.2 as a component of SUSE Linux Enterprise Server 11-SECURITY libldap-openssl1-2_4-2-x86-2.4.26-0.30.2 as a component of SUSE Linux Enterprise Server 11-SECURITY compat-libldap-2_3-0-2.3.37-2.30.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 libldap-2_4-2-2.4.26-0.30.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 libldap-2_4-2-32bit-2.4.26-0.30.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 libldap-2_4-2-x86-2.4.26-0.30.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 openldap2-2.4.26-0.30.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 openldap2-back-meta-2.4.26-0.30.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 openldap2-client-2.4.26-0.30.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 openldap2-2.4.26-0.30.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP3 openldap2-back-perl-2.4.26-0.30.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP3 openldap2-devel-2.4.26-0.30.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP3 openldap2-devel-32bit-2.4.26-0.30.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP3 openldap2-2.4.26-0.30.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 openldap2-back-perl-2.4.26-0.30.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 openldap2-devel-2.4.26-0.30.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 openldap2-devel-32bit-2.4.26-0.30.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 compat-libldap-2_3-0 as a component of SUSE Linux Enterprise Module for Legacy 12 openldap2 as a component of SUSE Linux Enterprise Module for Legacy 12 openldap2 as a component of SUSE Linux Enterprise Server 11 SP1 for Teradata compat-libldap-2_3-0 as a component of SUSE Linux Enterprise Server 11 SP3 openldap2 as a component of SUSE Linux Enterprise Server 11 SP3 openldap2-back-meta as a component of SUSE Linux Enterprise Server 11 SP3 compat-libldap-2_3-0 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS openldap2 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS openldap2-back-meta as a component of SUSE Linux Enterprise Server 11 SP4-LTSS openldap2 as a component of SUSE Linux Enterprise Server 12 openldap2-back-meta as a component of SUSE Linux Enterprise Server 12 compat-libldap-2_3-0 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 openldap2-doc as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 openldap2-ppolicy-check-password as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 openldap2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 compat-libldap-2_3-0 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 libldap-2_4-2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 libldap-2_4-2-32bit as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 openldap2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 openldap2-back-meta as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 openldap2-client as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 openldap2-doc as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 openldap2-ppolicy-check-password as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 compat-libldap-2_3-0 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 openldap2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 openldap2 as a component of SUSE Linux Enterprise Software Development Kit 11 SP3 openldap2 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 openldap2-back-perl as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 openldap2-back-perl as a component of SUSE Linux Enterprise Software Development Kit 12 openldap2 as a component of SUSE Linux Enterprise Software Development Kit 12 The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search. CVE-2013-4449 SUSE Linux Enterprise Desktop 11 SP3:libldap-2_4-2-2.4.26-0.30.1 SUSE Linux Enterprise Desktop 11 SP3:libldap-2_4-2-32bit-2.4.26-0.30.1 SUSE Linux Enterprise Desktop 11 SP3:openldap2-client-2.4.26-0.30.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:compat-libldap-2_3-0-2.3.37-2.17.18.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:libldap-2_4-2-2.4.26-0.17.18.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:libldap-2_4-2-32bit-2.4.26-0.17.18.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:openldap2-2.4.26-0.17.18.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:openldap2-back-meta-2.4.26-0.17.18.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:openldap2-client-2.4.26-0.17.18.1 SUSE Linux Enterprise Server 11 SP3:compat-libldap-2_3-0-2.3.37-2.30.1 SUSE Linux Enterprise Server 11 SP3:libldap-2_4-2-2.4.26-0.30.1 SUSE Linux Enterprise Server 11 SP3:libldap-2_4-2-32bit-2.4.26-0.30.1 SUSE Linux Enterprise Server 11 SP3:libldap-2_4-2-x86-2.4.26-0.30.1 SUSE Linux Enterprise Server 11 SP3:openldap2-2.4.26-0.30.1 SUSE Linux Enterprise Server 11 SP3:openldap2-back-meta-2.4.26-0.30.1 SUSE Linux Enterprise Server 11 SP3:openldap2-client-2.4.26-0.30.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:compat-libldap-2_3-0-2.3.37-2.30.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:libldap-2_4-2-2.4.26-0.30.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:libldap-2_4-2-32bit-2.4.26-0.30.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:openldap2-2.4.26-0.30.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:openldap2-back-meta-2.4.26-0.30.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:openldap2-client-2.4.26-0.30.1 SUSE Linux Enterprise Server 11 SP4:compat-libldap-2_3-0-2.3.37-2.30.1 SUSE Linux Enterprise Server 11 SP4:libldap-2_4-2-2.4.26-0.30.1 SUSE Linux Enterprise Server 11 SP4:libldap-2_4-2-32bit-2.4.26-0.30.1 SUSE Linux Enterprise Server 11 SP4:libldap-2_4-2-x86-2.4.26-0.30.1 SUSE Linux Enterprise Server 11 SP4:openldap2-2.4.26-0.30.1 SUSE Linux Enterprise Server 11 SP4:openldap2-back-meta-2.4.26-0.30.1 SUSE Linux Enterprise Server 11 SP4:openldap2-client-2.4.26-0.30.1 SUSE Linux Enterprise Server 11-SECURITY:libldap-openssl1-2_4-2-2.4.26-0.30.2 SUSE Linux Enterprise Server 11-SECURITY:libldap-openssl1-2_4-2-32bit-2.4.26-0.30.2 SUSE Linux Enterprise Server 11-SECURITY:libldap-openssl1-2_4-2-x86-2.4.26-0.30.2 SUSE Linux Enterprise Server for SAP Applications 11 SP3:compat-libldap-2_3-0-2.3.37-2.30.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:libldap-2_4-2-2.4.26-0.30.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:libldap-2_4-2-32bit-2.4.26-0.30.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:libldap-2_4-2-x86-2.4.26-0.30.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:openldap2-2.4.26-0.30.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:openldap2-back-meta-2.4.26-0.30.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:openldap2-client-2.4.26-0.30.1 SUSE Linux Enterprise Software Development Kit 11 SP3:openldap2-2.4.26-0.30.1 SUSE Linux Enterprise Software Development Kit 11 SP3:openldap2-back-perl-2.4.26-0.30.1 SUSE Linux Enterprise Software Development Kit 11 SP3:openldap2-devel-2.4.26-0.30.1 SUSE Linux Enterprise Software Development Kit 11 SP3:openldap2-devel-32bit-2.4.26-0.30.1 SUSE Linux Enterprise Software Development Kit 11 SP4:openldap2-2.4.26-0.30.1 SUSE Linux Enterprise Software Development Kit 11 SP4:openldap2-back-perl-2.4.26-0.30.1 SUSE Linux Enterprise Software Development Kit 11 SP4:openldap2-devel-2.4.26-0.30.1 SUSE Linux Enterprise Software Development Kit 11 SP4:openldap2-devel-32bit-2.4.26-0.30.1 SUSE Linux Enterprise Module for Legacy 12:compat-libldap-2_3-0 SUSE Linux Enterprise Module for Legacy 12:openldap2 SUSE Linux Enterprise Server 11 SP1 for Teradata:openldap2 SUSE Linux Enterprise Server 11 SP3:compat-libldap-2_3-0 SUSE Linux Enterprise Server 11 SP3:openldap2 SUSE Linux Enterprise Server 11 SP3:openldap2-back-meta SUSE Linux Enterprise Server 11 SP4-LTSS:compat-libldap-2_3-0 SUSE Linux Enterprise Server 11 SP4-LTSS:openldap2 SUSE Linux Enterprise Server 11 SP4-LTSS:openldap2-back-meta SUSE Linux Enterprise Server 12:openldap2 SUSE Linux Enterprise Server 12:openldap2-back-meta SUSE Linux Enterprise Server for SAP Applications 12 SP3:compat-libldap-2_3-0 SUSE Linux Enterprise Server for SAP Applications 12 SP3:openldap2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:openldap2-doc SUSE Linux Enterprise Server for SAP Applications 12 SP3:openldap2-ppolicy-check-password SUSE Linux Enterprise Server for SAP Applications 12 SP4:compat-libldap-2_3-0 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libldap-2_4-2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libldap-2_4-2-32bit SUSE Linux Enterprise Server for SAP Applications 12 SP4:openldap2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:openldap2-back-meta SUSE Linux Enterprise Server for SAP Applications 12 SP4:openldap2-client SUSE Linux Enterprise Server for SAP Applications 12 SP4:openldap2-doc SUSE Linux Enterprise Server for SAP Applications 12 SP4:openldap2-ppolicy-check-password SUSE Linux Enterprise Server for SAP Applications 12 SP5:compat-libldap-2_3-0 SUSE Linux Enterprise Server for SAP Applications 12 SP5:openldap2 SUSE Linux Enterprise Software Development Kit 11 SP3:openldap2 SUSE Linux Enterprise Software Development Kit 11 SP4:openldap2 SUSE Linux Enterprise Software Development Kit 11 SP4:openldap2-back-perl SUSE Linux Enterprise Software Development Kit 12:openldap2 SUSE Linux Enterprise Software Development Kit 12:openldap2-back-perl moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P