CVE-2006-6493

Publication date 13 December 2006

Last updated 24 July 2024

Ubuntu priority

Buffer overflow in the krbv4_ldap_auth function in servers/slapd/kerberos.c in OpenLDAP 2.4.3 and earlier, when OpenLDAP is compiled with the --enable-kbind (Kerberos KBIND) option, allows remote attackers to execute arbitrary code via an LDAP bind request using the LDAP_AUTH_KRBV41 authentication method and long credential data.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
openldap2.2	7.04 feisty	Not in release
	6.10 edgy	Not affected
	6.06 LTS dapper	Not affected
openldap2.3	7.04 feisty	Not affected
	6.10 edgy	Not in release
	6.06 LTS dapper	Not in release

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2006-6493