Lucene search

K
ubuntuUbuntuUSN-965-1
HistoryAug 09, 2010 - 12:00 a.m.

OpenLDAP vulnerabilities

2010-08-0900:00:00
ubuntu.com
42

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.965 High

EPSS

Percentile

99.6%

Releases

  • Ubuntu 10.04
  • Ubuntu 9.10
  • Ubuntu 9.04
  • Ubuntu 8.04
  • Ubuntu 6.06

Packages

  • openldap -
  • openldap2.2 -
  • openldap2.3 -

Details

Using the Codenomicon LDAPv3 test suite, Ilkka Mattila and Tuomas
Salomäki discovered that the slap_modrdn2mods function in modrdn.c
in OpenLDAP does not check the return value from a call to the
smr_normalize function. A remote attacker could use specially crafted
modrdn requests to crash the slapd daemon or possibly execute arbitrary
code. (CVE-2010-0211)

Using the Codenomicon LDAPv3 test suite, Ilkka Mattila and Tuomas
Salomäki discovered that OpenLDAP does not properly handle empty
RDN strings. A remote attacker could use specially crafted modrdn
requests to crash the slapd daemon. (CVE-2010-0212)

In the default installation under Ubuntu 8.04 LTS and later, attackers
would be isolated by the OpenLDAP AppArmor profile for the slapd daemon.

OSVersionArchitecturePackageVersionFilename
Ubuntu9.10noarchslapd< 2.4.18-0ubuntu1.1UNKNOWN
Ubuntu9.10noarchldap-utils< 2.4.18-0ubuntu1.1UNKNOWN
Ubuntu9.10noarchlibldap-2.4-2< 2.4.18-0ubuntu1.1UNKNOWN
Ubuntu9.10noarchlibldap-2.4-2-dbg< 2.4.18-0ubuntu1.1UNKNOWN
Ubuntu9.10noarchlibldap2-dev< 2.4.18-0ubuntu1.1UNKNOWN
Ubuntu9.10noarchslapd-dbg< 2.4.18-0ubuntu1.1UNKNOWN
Ubuntu9.04noarchslapd< 2.4.15-1ubuntu3.1UNKNOWN
Ubuntu9.04noarchldap-utils< 2.4.15-1ubuntu3.1UNKNOWN
Ubuntu9.04noarchlibldap-2.4-2< 2.4.15-1ubuntu3.1UNKNOWN
Ubuntu9.04noarchlibldap-2.4-2-dbg< 2.4.15-1ubuntu3.1UNKNOWN
Rows per page:
1-10 of 271

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.965 High

EPSS

Percentile

99.6%