← back
CVE-2006-6493

CVE-2006-6493

EPSS 9.2%
Buffer overflow in the krbv4_ldap_auth function in servers/slapd/kerberos.c in OpenLDAP 2.4.3 and earlier, when OpenLDAP is compiled with the --enable-kbind (Kerberos KBIND) option, allows remote attackers to execute arbitrary code via an LDAP bind request using the LDAP_AUTH_KRBV41 authentication method and long credential data.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/2933unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://secunia.com/advisories/23334http://securityreason.com/securityalert/2023http://www.phreedom.org/solar/exploits/openldap-kbindhttp://www.securityfocus.com/archive/1/454181/30/0/threadedhttp://www.vupen.com/english/advisories/2006/4964