CVE-2013-4449
First published: Tue Oct 15 2013(Updated: )
It was discovered that OpenLDAP, with the rwm overlay to slapd, could segfault if a user were able to query the directory and immediately unbind from the server. This seems to be due to the rwm overlay not doing reference counting properly, so rwm_conn_destroy frees the session context while rwm_op_search is using it. This condition also seems to require multiple cores/CPUs to trigger. This was also reported upstream [1] and is currently unfixed. [1] <a href="http://www.openldap.org/its/index.cgi/Incoming?id=7723">http://www.openldap.org/its/index.cgi/Incoming?id=7723</a>
Credit: CVE-2012-1164 CVE-2012-2668 CVE-2013-4449 CVE-2015-1545 CVE-2019-13057 CVE-2019-13565 secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Debian Debian Linux | =7.0 | |
| Debian Debian Linux | =8.0 | |
| Openldap Openldap | <=2.4.36 | |
| Openldap Openldap | =2.4.6 | |
| Openldap Openldap | =2.4.7 | |
| Openldap Openldap | =2.4.8 | |
| Openldap Openldap | =2.4.9 | |
| Openldap Openldap | =2.4.10 | |
| Openldap Openldap | =2.4.11 | |
| Openldap Openldap | =2.4.12 | |
| Openldap Openldap | =2.4.13 | |
| Openldap Openldap | =2.4.14 | |
| Openldap Openldap | =2.4.15 | |
| Openldap Openldap | =2.4.16 | |
| Openldap Openldap | =2.4.17 | |
| Openldap Openldap | =2.4.18 | |
| Openldap Openldap | =2.4.19 | |
| Openldap Openldap | =2.4.20 | |
| Openldap Openldap | =2.4.21 | |
| Openldap Openldap | =2.4.22 | |
| Openldap Openldap | =2.4.23 | |
| Openldap Openldap | =2.4.24 | |
| Openldap Openldap | =2.4.25 | |
| Openldap Openldap | =2.4.26 | |
| Openldap Openldap | =2.4.27 | |
| Openldap Openldap | =2.4.28 | |
| Openldap Openldap | =2.4.29 | |
| Openldap Openldap | =2.4.30 | |
| Openldap Openldap | =2.4.31 | |
| Openldap Openldap | =2.4.32 | |
| Openldap Openldap | =2.4.33 | |
| Openldap Openldap | =2.4.34 | |
| Openldap Openldap | =2.4.35 | |
| Apple macOS Catalina | <10.15.2 | 10.15.2 |
| Apple Mojave | ||
| Apple High Sierra | ||
| debian/openldap | 2.4.57+dfsg-3+deb11u1 2.5.13+dfsg-5 2.5.18+dfsg-2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT210788 (Advisory)
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
- http://rhn.redhat.com/errata/RHSA-2014-0126.html
- http://rhn.redhat.com/errata/RHSA-2014-0206.html
- http://seclists.org/fulldisclosure/2019/Dec/26
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-4449
- http://www.debian.org/security/2015/dsa-3209
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:026
- http://www.openldap.org/its/index.cgi/Incoming?id=7723
- http://www.openwall.com/lists/oss-security/2013/10/19/3
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/63190
- http://www.securitytracker.com/id/1029711
- https://bugzilla.redhat.com/show_bug.cgi?id=1019490
- https://seclists.org/bugtraq/2019/Dec/23
- https://support.apple.com/kb/HT210788
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1019490#c0
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1060851
- https://rhn.redhat.com/errata/RHSA-2014-0126.html
- https://rhn.redhat.com/errata/RHSA-2014-0206.html
- https://security-tracker.debian.org/tracker/CVE-2013-4449
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2019-8837
- CVE-2019-8853
- CVE-2019-8856
- CVE-2019-8848
- CVE-2019-8834
- CVE-2019-8842
- CVE-2019-8839
- CVE-2019-8830
- CVE-2019-8851
- CVE-2019-8833
- CVE-2019-8828
- CVE-2019-8838
- CVE-2019-8847
- CVE-2019-8852
- CVE-2019-15903
- CVE-2020-9782
- CVE-2012-1164
- CVE-2012-2668
- CVE-2013-4449
- CVE-2015-1545
- CVE-2019-13057
- CVE-2019-13565
- CVE-2019-8832
- CVE-2017-16808
- CVE-2018-10103
- CVE-2018-10105
- CVE-2018-14461
- CVE-2018-14462
- CVE-2018-14463
- CVE-2018-14464
- CVE-2018-14465
- CVE-2018-14466
- CVE-2018-14467
- CVE-2018-14468
- CVE-2018-14469
- CVE-2018-14470
- CVE-2018-14879
- CVE-2018-14880
- CVE-2018-14881
- CVE-2018-14882
- CVE-2018-16227
- CVE-2018-16228
- CVE-2018-16229
- CVE-2018-16230
- CVE-2018-16300
- CVE-2018-16301
- CVE-2018-16451
- CVE-2018-16452
- CVE-2019-15166
- CVE-2019-15167
- CVE-2019-15126
Frequently Asked Questions
What is the severity of CVE-2013-4449?
The severity of CVE-2013-4449 is high.
How do I fix CVE-2013-4449 on macOS Catalina?
To fix CVE-2013-4449 on macOS Catalina, update to OpenLDAP version 2.4.28 or later.
How do I fix CVE-2013-4449 on macOS Mojave?
To fix CVE-2013-4449 on macOS Mojave, update to OpenLDAP version 2.4.28 or later.
How do I fix CVE-2013-4449 on macOS High Sierra?
To fix CVE-2013-4449 on macOS High Sierra, update to OpenLDAP version 2.4.28 or later.
Where can I find more information about CVE-2013-4449?
You can find more information about CVE-2013-4449 at the following reference: [Apple Support](https://support.apple.com/en-us/HT210788)
- collector/nvd-index
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/apple-support
- alias/CVE-2012-2668
- alias/CVE-2013-4449
- alias/CVE-2015-1545
- alias/CVE-2019-13057
- alias/CVE-2019-13565
- agent/software-canonical-lookup-request
- agent/weakness
- agent/references
- agent/severity
- agent/event
- agent/author
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/tags
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/7.0
- version/debian debian linux/8.0
- vendor/openldap
- canonical/openldap openldap
- version/openldap openldap/2.4.36
- version/openldap openldap/2.4.6
- version/openldap openldap/2.4.7
- version/openldap openldap/2.4.8
- version/openldap openldap/2.4.9
- version/openldap openldap/2.4.10
- version/openldap openldap/2.4.11
- version/openldap openldap/2.4.12
- version/openldap openldap/2.4.13
- version/openldap openldap/2.4.14
- version/openldap openldap/2.4.15
- version/openldap openldap/2.4.16
- version/openldap openldap/2.4.17
- version/openldap openldap/2.4.18
- version/openldap openldap/2.4.19
- version/openldap openldap/2.4.20
- version/openldap openldap/2.4.21
- version/openldap openldap/2.4.22
- version/openldap openldap/2.4.23
- version/openldap openldap/2.4.24
- version/openldap openldap/2.4.25
- version/openldap openldap/2.4.26
- version/openldap openldap/2.4.27
- version/openldap openldap/2.4.28
- version/openldap openldap/2.4.29
- version/openldap openldap/2.4.30
- version/openldap openldap/2.4.31
- version/openldap openldap/2.4.32
- version/openldap openldap/2.4.33
- version/openldap openldap/2.4.34
- version/openldap openldap/2.4.35
- vendor/apple
- canonical/apple macos catalina
- canonical/apple mojave
- canonical/apple high sierra
- package-manager/debian