CVE-2010-0211

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

http://secunia.com/advisories/40639

http://secunia.com/advisories/40677

http://secunia.com/advisories/40687

http://secunia.com/advisories/42787

http://security.gentoo.org/glsa/glsa-201406-36.xml

http://support.apple.com/kb/HT4435

http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6570

http://www.redhat.com/support/errata/RHSA-2010-0542.html

http://www.redhat.com/support/errata/RHSA-2010-0543.html

http://www.securityfocus.com/archive/1/515545/100/0/threaded

http://www.securityfocus.com/bid/41770

http://www.securitytracker.com/id?1024221

http://www.vmware.com/security/advisories/VMSA-2011-0001.html

http://www.vupen.com/english/advisories/2010/1849

http://www.vupen.com/english/advisories/2010/1858

http://www.vupen.com/english/advisories/2011/0025

Details

Source: MITRE

Published: 2010-07-28

Updated: 2018-10-10

Type: CWE-264

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:openldap:openldap:2.4.22:*:*:*:*:*:*:*

Tenable Plugins

View all (25 total)

IDNameProductFamilySeverity
89673VMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0001) (remote check)NessusMisc.
high
76331GLSA-201406-36 : OpenLDAP: Multiple vulnerabilitiesNessusGentoo Local Security Checks
medium
68065Oracle Linux 4 : openldap (ELSA-2010-0543)NessusOracle Linux Local Security Checks
medium
68064Oracle Linux 5 : openldap (ELSA-2010-0542)NessusOracle Linux Local Security Checks
medium
60819Scientific Linux Security Update : openldap on SL5.x i386/x86_64NessusScientific Linux Local Security Checks
medium
51616SuSE 11.1 Security Update : openLDAP (SAT Patch Number 2551)NessusSuSE Local Security Checks
medium
51422VMSA-2011-0001 : VMware ESX third-party updates for Service Console packages glibc, sudo, and openldapNessusVMware ESX Local Security Checks
high
50933SuSE 11 Security Update : openLDAP (SAT Patch Number 2552)NessusSuSE Local Security Checks
medium
800791Mac OS X 10.6 < 10.6.5 Multiple VulnerabilitiesLog Correlation EngineOperating System Detection
high
5705Mac OS X 10.6 < 10.6.5 Multiple VulnerabilitiesNessus Network MonitorGeneric
critical
50548Mac OS X 10.6.x < 10.6.5 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
50428Fedora 12 : openldap-2.4.19-6.fc12 (2010-11319)NessusFedora Local Security Checks
medium
49907SuSE 10 Security Update : openLDAP (ZYPP Patch Number 7074)NessusSuSE Local Security Checks
medium
48756openSUSE Security Update : libldap-2_4-2 (openSUSE-SU-2010:0546-1)NessusSuSE Local Security Checks
medium
48754openSUSE Security Update : libldap-2_4-2 (openSUSE-SU-2010:0547-1)NessusSuSE Local Security Checks
medium
48752SuSE9 Security Update : openLDAP2 (YOU Patch Number 12624)NessusSuSE Local Security Checks
medium
48410Fedora 13 : openldap-2.4.21-10.fc13 (2010-11343)NessusFedora Local Security Checks
medium
48282Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : openldap, openldap2.2, openldap2.3 vulnerabilities (USN-965-1)NessusUbuntu Local Security Checks
medium
48220Debian DSA-2077-1 : openldap - several vulnerabilitiesNessusDebian Local Security Checks
medium
48200Mandriva Linux Security Advisory : openldap (MDVSA-2010:142)NessusMandriva Local Security Checks
medium
47878RHEL 4 : openldap (RHSA-2010:0543)NessusRed Hat Local Security Checks
medium
47877RHEL 5 : openldap (RHSA-2010:0542)NessusRed Hat Local Security Checks
medium
47819openSUSE Security Update : openldap2 (openSUSE-SU-2010:0427-1)NessusSuSE Local Security Checks
medium
47790CentOS 4 : openldap (CESA-2010:0543)NessusCentOS Local Security Checks
medium
47789CentOS 5 : openldap (CESA-2010:0542)NessusCentOS Local Security Checks
medium