CVE-2010-0211
Published: 28 July 2010
The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
openldap Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| jaunty |
Released
(2.4.15-1ubuntu3.1)
|
|
| karmic |
Released
(2.4.18-0ubuntu1.1)
|
|
| lucid |
Released
(2.4.21-0ubuntu5.2)
|
|
| upstream |
Released
(2.4.23)
|
|
|
Patches: vendor: http://cvs.fedoraproject.org/viewvc/rpms/openldap/devel/openldap-2.4.22-modrdn-segfault.patch?revision=1.1&view=markup |
||
| This vulnerability is mitigated in part by an AppArmor profile. | ||
|
openldap2.2 Launchpad, Ubuntu, Debian |
dapper |
Released
(2.2.26-5ubuntu2.10)
|
| hardy |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| karmic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
openldap2.3 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Released
(2.4.9-0ubuntu0.8.04.4)
|
|
| jaunty |
Does not exist
|
|
| karmic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| upstream |
Needs triage
|
|
| This vulnerability is mitigated in part by an AppArmor profile. | ||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 9.8 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |