CVE 2013-4449
The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.
Related bugs and status
CVE-2013-4449 (Candidate) is related to these bugs:
Bug #1003854: Database upgrade/migration fails with nested db directories (lucid to precise)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1003854 | Database upgrade/migration fails with nested db directories (lucid to precise) | openldap (Ubuntu) | Medium | Fix Released | ||
| 1003854 | Database upgrade/migration fails with nested db directories (lucid to precise) | openldap (Ubuntu Precise) | Medium | Won't Fix | ||
| 1003854 | Database upgrade/migration fails with nested db directories (lucid to precise) | openldap (Debian) | Undecided | Fix Released | ||
Bug #1103353: Invalid GnuTLS cipher suite strings causes libldap to crash
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1103353 | Invalid GnuTLS cipher suite strings causes libldap to crash | openldap (Ubuntu) | Medium | Fix Released | ||
| 1103353 | Invalid GnuTLS cipher suite strings causes libldap to crash | openldap (Debian) | Unknown | Fix Released | ||
| 1103353 | Invalid GnuTLS cipher suite strings causes libldap to crash | openldap (Ubuntu Trusty) | Undecided | Won't Fix | ||
| 1103353 | Invalid GnuTLS cipher suite strings causes libldap to crash | openldap (Ubuntu Precise) | Undecided | Won't Fix | ||
Bug #1293250: mdb testsuite failures on ppc64el
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1293250 | mdb testsuite failures on ppc64el | openldap (Ubuntu) | Undecided | Fix Released | ||
Bug #1316124: Actual Ubuntu Slapd totaly useless for "serious" use
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1316124 | Actual Ubuntu Slapd totaly useless for "serious" use | openldap (Ubuntu) | Medium | Fix Released | ||
Bug #1362481: openldap upgrade fails. chwon of olcDbDirectory, /var/lib/ldap not empty and missing backup of suffix
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1362481 | openldap upgrade fails. chwon of olcDbDirectory, /var/lib/ldap not empty and missing backup of suffix | openldap (Ubuntu) | Undecided | Fix Released | ||
| 1362481 | openldap upgrade fails. chwon of olcDbDirectory, /var/lib/ldap not empty and missing backup of suffix | openldap (Debian) | Unknown | Fix Released | ||
Bug #1392018: apparmor stops /var/run/ldapi from being read causing ldap to fail
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1392018 | apparmor stops /var/run/ldapi from being read causing ldap to fail | openldap (Ubuntu) | Undecided | Fix Released | ||
| 1392018 | apparmor stops /var/run/ldapi from being read causing ldap to fail | openldap (Ubuntu Utopic) | Undecided | Won't Fix | ||
| 1392018 | apparmor stops /var/run/ldapi from being read causing ldap to fail | openldap (Ubuntu Vivid) | Undecided | Fix Released | ||
Bug #1395098: Please merge openldap 2.4.40-4 (main) from Debian unstable (main)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1395098 | Please merge openldap 2.4.40-4 (main) from Debian unstable (main) | openldap (Ubuntu) | Undecided | Fix Released | ||
Bug #1446809: [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1446809 | [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545) | openldap (Ubuntu) | High | Fix Released | ||
| 1446809 | [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545) | openldap (Debian) | Unknown | Fix Released | ||
| 1446809 | [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545) | openldap (Ubuntu Precise) | High | Fix Released | ||
| 1446809 | [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545) | openldap (Ubuntu Trusty) | Undecided | Fix Released | ||
| 1446809 | [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545) | openldap (Ubuntu Utopic) | Undecided | Fix Released | ||
| 1446809 | [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545) | openldap (Ubuntu Vivid) | Undecided | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
