CVE-2010-0211
Published: 28 July 2010
The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.
Priority
Status
Package | Release | Status |
---|---|---|
openldap (Launchpad, Ubuntu, Debian) | dapper | Does not exist |
openldap | hardy | Does not exist |
openldap | jaunty | Released (2.4.15-1ubuntu3.1) |
openldap | karmic | Released (2.4.18-0ubuntu1.1) |
openldap | lucid | Released (2.4.21-0ubuntu5.2) |
openldap | upstream | Released (2.4.23) |
openldap | Patches | vendor: http://cvs.fedoraproject.org/viewvc/rpms/openldap/devel/openldap-2.4.22-modrdn-segfault.patch?revision=1.1&view=markup |
openldap | | This vulnerability is mitigated in part by an AppArmor profile. |
openldap2.2 (Launchpad, Ubuntu, Debian) | dapper | Released (2.2.26-5ubuntu2.10) |
openldap2.2 | hardy | Does not exist |
openldap2.2 | jaunty | Does not exist |
openldap2.2 | karmic | Does not exist |
openldap2.2 | lucid | Does not exist |
openldap2.2 | upstream | Needs triage |
openldap2.3 (Launchpad, Ubuntu, Debian) | dapper | Does not exist |
openldap2.3 | hardy | Released (2.4.9-0ubuntu0.8.04.4) |
openldap2.3 | jaunty | Does not exist |
openldap2.3 | karmic | Does not exist |
openldap2.3 | lucid | Does not exist |
openldap2.3 | upstream | Needs triage |
openldap2.3 | | This vulnerability is mitigated in part by an AppArmor profile. |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |