CVE-2010-0212

medium

Description

OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite.

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735

http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

http://secunia.com/advisories/40639

http://secunia.com/advisories/40687

http://secunia.com/advisories/42787

http://security.gentoo.org/glsa/glsa-201406-36.xml

http://support.apple.com/kb/HT4435

http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6570

http://www.redhat.com/support/errata/RHSA-2010-0542.html

http://www.securityfocus.com/archive/1/515545/100/0/threaded

http://www.securityfocus.com/bid/41770

http://www.securitytracker.com/id?1024221

http://www.vmware.com/security/advisories/VMSA-2011-0001.html

http://www.vupen.com/english/advisories/2010/1849

http://www.vupen.com/english/advisories/2010/1858

http://www.vupen.com/english/advisories/2011/0025

Details

Source: MITRE

Published: 2010-07-28

Updated: 2018-10-10

Type: CWE-264

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:openldap:openldap:2.4.22:*:*:*:*:*:*:*

Tenable Plugins

View all (22 total)

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 89673 | VMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0001) (remote check) | Nessus | Misc. | high |
| 76331 | GLSA-201406-36 : OpenLDAP: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
| 68064 | Oracle Linux 5 : openldap (ELSA-2010-0542) | Nessus | Oracle Linux Local Security Checks | medium |
| 60819 | Scientific Linux Security Update : openldap on SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium |
| 51616 | SuSE 11.1 Security Update : openLDAP (SAT Patch Number 2551) | Nessus | SuSE Local Security Checks | medium |
| 51422 | VMSA-2011-0001 : VMware ESX third-party updates for Service Console packages glibc, sudo, and openldap | Nessus | VMware ESX Local Security Checks | high |
| 50933 | SuSE 11 Security Update : openLDAP (SAT Patch Number 2552) | Nessus | SuSE Local Security Checks | medium |
| 800791 | Mac OS X 10.6 < 10.6.5 Multiple Vulnerabilities | Log Correlation Engine | Operating System Detection | high |
| 5705 | Mac OS X 10.6 < 10.6.5 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical |
| 50548 | Mac OS X 10.6.x < 10.6.5 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
| 50428 | Fedora 12 : openldap-2.4.19-6.fc12 (2010-11319) | Nessus | Fedora Local Security Checks | medium |
| 49907 | SuSE 10 Security Update : openLDAP (ZYPP Patch Number 7074) | Nessus | SuSE Local Security Checks | medium |
| 48756 | openSUSE Security Update : libldap-2_4-2 (openSUSE-SU-2010:0546-1) | Nessus | SuSE Local Security Checks | medium |
| 48754 | openSUSE Security Update : libldap-2_4-2 (openSUSE-SU-2010:0547-1) | Nessus | SuSE Local Security Checks | medium |
| 48752 | SuSE9 Security Update : openLDAP2 (YOU Patch Number 12624) | Nessus | SuSE Local Security Checks | medium |
| 48410 | Fedora 13 : openldap-2.4.21-10.fc13 (2010-11343) | Nessus | Fedora Local Security Checks | medium |
| 48282 | Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : openldap, openldap2.2, openldap2.3 vulnerabilities (USN-965-1) | Nessus | Ubuntu Local Security Checks | medium |
| 48220 | Debian DSA-2077-1 : openldap - several vulnerabilities | Nessus | Debian Local Security Checks | medium |
| 48200 | Mandriva Linux Security Advisory : openldap (MDVSA-2010:142) | Nessus | Mandriva Local Security Checks | medium |
| 47877 | RHEL 5 : openldap (RHSA-2010:0542) | Nessus | Red Hat Local Security Checks | medium |
| 47819 | openSUSE Security Update : openldap2 (openSUSE-SU-2010:0427-1) | Nessus | SuSE Local Security Checks | medium |
| 47789 | CentOS 5 : openldap (CESA-2010:0542) | Nessus | CentOS Local Security Checks | medium |