ID CVE-2012-2134
Summary The handle_connection_error function in ldap_helper.c in bind-dyndb-ldap before 1.1.0rc1 does not properly handle LDAP query errors, which allows remote attackers to cause a denial of service (infinite loop and named server hang) via a non-alphabet character in the base DN in an LDAP search DNS query.
References
Vulnerable Configurations
  • cpe:2.3:a:martin_nagy:bind-dyndb-ldap:0.1.0:a1:*:*:*:*:*:*
    cpe:2.3:a:martin_nagy:bind-dyndb-ldap:0.1.0:a1:*:*:*:*:*:*
  • cpe:2.3:a:martin_nagy:bind-dyndb-ldap:0.1.0:b:*:*:*:*:*:*
    cpe:2.3:a:martin_nagy:bind-dyndb-ldap:0.1.0:b:*:*:*:*:*:*
  • cpe:2.3:a:martin_nagy:bind-dyndb-ldap:0.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:martin_nagy:bind-dyndb-ldap:0.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.0.0:b1:*:*:*:*:*:*
    cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.0.0:b1:*:*:*:*:*:*
  • cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.0.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.0.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.1.0:a1:*:*:*:*:*:*
    cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.1.0:a1:*:*:*:*:*:*
  • cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.1.0:a2:*:*:*:*:*:*
    cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.1.0:a2:*:*:*:*:*:*
  • cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.1.0:b1:*:*:*:*:*:*
    cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.1.0:b1:*:*:*:*:*:*
  • cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.1.0:b2:*:*:*:*:*:*
    cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.1.0:b2:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 10-03-2014 - 19:18)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 815846
title CVE-2012-2134 bind-dyndb-ldap: Bind DoS (named hang) by processing DNS query for zone served by bind-dyndb-ldap
oval
AND
  • comment bind-dyndb-ldap is earlier than 0:0.2.0-7.el6_2.1
    oval oval:com.redhat.rhsa:tst:20120683005
  • comment bind-dyndb-ldap is signed with Red Hat redhatrelease2 key
    oval oval:com.redhat.rhsa:tst:20120683006
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhba:tst:20111656001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhba:tst:20111656002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20111656004
rhsa
id RHSA-2012:0683
released 2012-05-21
severity Important
title RHSA-2012:0683: bind-dyndb-ldap security update (Important)
rpms bind-dyndb-ldap-0:0.2.0-7.el6_2.1
refmap via4
confirm
mlist
  • [Freeipa-users] 20120424 named-dyndb-ldap looses connection when the LDAP server is under high load
  • [oss-security] 20140424 Re: CVE Request -- bind-dyndb-ldap: Bind DoS (named hang) by processing DNS query for zone served by bind-dyndb-ldap
osvdb 81619
secunia 48901
Last major update 10-03-2014 - 19:18
Published 26-02-2014 - 15:55
Back to Top