Lucene search

K
osvGoogleOSV:DSA-2077-1
HistoryJul 29, 2010 - 12:00 a.m.

openldap - potential code execution

2010-07-2900:00:00
Google
osv.dev
11

0.965 High

EPSS

Percentile

99.6%

Two remote vulnerabilities have been discovered in OpenLDAP. The
Common Vulnerabilities and Exposures project identifies the following
problems:

  • CVE-2010-0211
    The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does
    not check the return value of a call to the smr_normalize
    function, which allows remote attackers to cause a denial of
    service (segmentation fault) and possibly execute arbitrary code
    via a modrdn call with an RDN string containing invalid UTF-8
    sequences.
  • CVE-2010-0212
    OpenLDAP 2.4.22 allows remote attackers to cause a denial of
    service (crash) via a modrdn call with a zero-length RDN
    destination string.

For the stable distribution (lenny), this problem has been fixed in
version 2.4.11-1+lenny2. (The missing update for the mips
architecture will be provided soon.)

For the unstable distribution (sid), this problem has been fixed in
version 2.4.23-1.

We recommend that you upgrade your openldap packages.

CPENameOperatorVersion
openldapeq2.4.11-1
openldapeq2.4.11-1+lenny1