CVE-2010-0212
Published: 28 July 2010
OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite.
Priority
Status
Package | Release | Status |
---|---|---|
openldap (Launchpad, Ubuntu, Debian) | dapper | Does not exist |
 | hardy | Does not exist |
 | jaunty | Released (2.4.15-1ubuntu3.1) |
 | karmic | Released (2.4.18-0ubuntu1.1) |
 | lucid | Released (2.4.21-0ubuntu5.2) |
 | upstream | Released (2.4.23) |
Patches: vendor: http://cvs.fedoraproject.org/viewvc/rpms/openldap/devel/openldap-2.4.22-modrdn-segfault.patch?revision=1.1&view=markup | | |
This vulnerability is mitigated in part by an AppArmor profile. | | |
openldap2.2 (Launchpad, Ubuntu, Debian) | dapper | Released (2.2.26-5ubuntu2.10) |
 | hardy | Does not exist |
 | jaunty | Does not exist |
 | karmic | Does not exist |
 | lucid | Does not exist |
 | upstream | Needs triage |
openldap2.3 (Launchpad, Ubuntu, Debian) | dapper | Does not exist |
 | hardy | Released (2.4.9-0ubuntu0.8.04.4) |
 | jaunty | Does not exist |
 | karmic | Does not exist |
 | lucid | Does not exist |
 | upstream | Needs triage |
This vulnerability is mitigated in part by an AppArmor profile. | | |