ID CVE-2010-0211
Summary The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.
References
Vulnerable Configurations
  • cpe:2.3:a:openldap:openldap:2.4.22:*:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:4.1:*:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x_server:10.6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x_server:10.6.1:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x_server:10.6.2:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x_server:10.6.3:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x_server:10.6.4:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.6.3:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.6.4:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 21-01-2024 - 01:35)
Impact:
Exploitability:
CWE CWE-252
CAPEC
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • bugzilla
    id 605448
    title CVE-2010-0211 openldap: modrdn processing uninitialized pointer free
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • comment compat-openldap is earlier than 0:2.1.30-12.el4_8.3
            oval oval:com.redhat.rhsa:tst:20100543001
          • comment compat-openldap is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070310002
        • AND
          • comment openldap is earlier than 0:2.2.13-12.el4_8.3
            oval oval:com.redhat.rhsa:tst:20100543003
          • comment openldap is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070310004
        • AND
          • comment openldap-clients is earlier than 0:2.2.13-12.el4_8.3
            oval oval:com.redhat.rhsa:tst:20100543005
          • comment openldap-clients is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070310006
        • AND
          • comment openldap-devel is earlier than 0:2.2.13-12.el4_8.3
            oval oval:com.redhat.rhsa:tst:20100543007
          • comment openldap-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070310008
        • AND
          • comment openldap-servers is earlier than 0:2.2.13-12.el4_8.3
            oval oval:com.redhat.rhsa:tst:20100543009
          • comment openldap-servers is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070310010
        • AND
          • comment openldap-servers-sql is earlier than 0:2.2.13-12.el4_8.3
            oval oval:com.redhat.rhsa:tst:20100543011
          • comment openldap-servers-sql is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070310012
    rhsa
    id RHSA-2010:0543
    released 2010-07-20
    severity Moderate
    title RHSA-2010:0543: openldap security update (Moderate)
  • rhsa
    id RHSA-2010:0542
rpms
  • compat-openldap-0:2.3.43_2.2.29-12.el5_5.1
  • openldap-0:2.3.43-12.el5_5.1
  • openldap-clients-0:2.3.43-12.el5_5.1
  • openldap-debuginfo-0:2.3.43-12.el5_5.1
  • openldap-devel-0:2.3.43-12.el5_5.1
  • openldap-servers-0:2.3.43-12.el5_5.1
  • openldap-servers-overlays-0:2.3.43-12.el5_5.1
  • openldap-servers-sql-0:2.3.43-12.el5_5.1
  • compat-openldap-0:2.1.30-12.el4_8.3
  • openldap-0:2.2.13-12.el4_8.3
  • openldap-clients-0:2.2.13-12.el4_8.3
  • openldap-debuginfo-0:2.2.13-12.el4_8.3
  • openldap-devel-0:2.2.13-12.el4_8.3
  • openldap-servers-0:2.2.13-12.el4_8.3
  • openldap-servers-sql-0:2.2.13-12.el4_8.3
refmap via4
apple APPLE-SA-2010-11-10-1
bid 41770
bugtraq 20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap
confirm
gentoo GLSA-201406-36
sectrack 1024221
secunia
  • 40639
  • 40677
  • 40687
  • 42787
suse SUSE-SR:2010:014
vupen
  • ADV-2010-1849
  • ADV-2010-1858
  • ADV-2011-0025
Last major update 21-01-2024 - 01:35
Published 28-07-2010 - 12:48
Last modified 21-01-2024 - 01:35