CVE-2006-5779

Name: CVE-2006-5779
Creator: NVD / NIST
Published: 2006-11-07T18:07:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 75.37%

Last modified Jun 16, 2026

CVE-2006-5779 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.. EPSS estimates a 75.37% chance of exploitation in the next 30 days.

Description

OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

75.37%

99.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-617

Affected Software

Vendor	Product	Versions
Openldap	Openldap	< 2.3.29
Canonical	Ubuntu Linux	5.10
Canonical	Ubuntu Linux	6.06
Canonical	Ubuntu Linux	6.10

References

http://gleg.net/downloads/VULNDISCO_META_FREE.tar.gzBroken Link, Exploit
http://gleg.net/vulndisco_meta.shtmlBroken Link, Exploit
http://secunia.com/advisories/22750Broken Link, Vendor Advisory
http://secunia.com/advisories/22953Broken Link, Vendor Advisory
http://secunia.com/advisories/22996Broken Link, Vendor Advisory
http://secunia.com/advisories/23125Broken Link, Vendor Advisory
http://secunia.com/advisories/23133Broken Link, Vendor Advisory
http://secunia.com/advisories/23152Broken Link, Vendor Advisory
http://secunia.com/advisories/23170Broken Link, Vendor Advisory
http://security.gentoo.org/glsa/glsa-200611-25.xmlThird Party Advisory
http://securityreason.com/securityalert/1831Broken Link
http://securitytracker.com/id?1017166Broken Link, Exploit, Third Party Advisory, VDB Entry
http://www.mandriva.com/security/advisories?name=MDKSA-2006:208Broken Link
http://www.novell.com/linux/security/advisories/2006_72_openldap2.htmlBroken Link
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4740Exploit, Issue Tracking
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.033-openldap.htmlBroken Link
http://www.securityfocus.com/archive/1/450728/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/20939Broken Link, Exploit, Third Party Advisory, VDB Entry
http://www.trustix.org/errata/2006/0066/Broken Link
http://www.ubuntu.com/usn/usn-384-1Third Party Advisory
http://www.vupen.com/english/advisories/2006/4379Broken Link, Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/30076Third Party Advisory, VDB Entry
https://issues.rpath.com/browse/RPL-820Broken Link
http://gleg.net/downloads/VULNDISCO_META_FREE.tar.gzBroken Link, Exploit
http://gleg.net/vulndisco_meta.shtmlBroken Link, Exploit
http://secunia.com/advisories/22750Broken Link, Vendor Advisory
http://secunia.com/advisories/22953Broken Link, Vendor Advisory
http://secunia.com/advisories/22996Broken Link, Vendor Advisory
http://secunia.com/advisories/23125Broken Link, Vendor Advisory
http://secunia.com/advisories/23133Broken Link, Vendor Advisory
http://secunia.com/advisories/23152Broken Link, Vendor Advisory
http://secunia.com/advisories/23170Broken Link, Vendor Advisory
http://security.gentoo.org/glsa/glsa-200611-25.xmlThird Party Advisory
http://securityreason.com/securityalert/1831Broken Link
http://securitytracker.com/id?1017166Broken Link, Exploit, Third Party Advisory, VDB Entry
http://www.mandriva.com/security/advisories?name=MDKSA-2006:208Broken Link
http://www.novell.com/linux/security/advisories/2006_72_openldap2.htmlBroken Link
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4740Exploit, Issue Tracking
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.033-openldap.htmlBroken Link
http://www.securityfocus.com/archive/1/450728/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/20939Broken Link, Exploit, Third Party Advisory, VDB Entry
http://www.trustix.org/errata/2006/0066/Broken Link
http://www.ubuntu.com/usn/usn-384-1Third Party Advisory
http://www.vupen.com/english/advisories/2006/4379Broken Link, Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/30076Third Party Advisory, VDB Entry
https://issues.rpath.com/browse/RPL-820Broken Link

Timeline

Published: Nov 7, 2006
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2006-5779?

OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.

How severe is CVE-2006-5779?

CVE-2006-5779 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 75.37% probability of exploitation in the next 30 days.

How do I fix CVE-2006-5779?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-5779?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST