9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.965 High
EPSS
Percentile
99.6%
Using the Codenomicon LDAPv3 test suite, Ilkka Mattila and Tuomas
Salomäki discovered that the slap_modrdn2mods function in modrdn.c
in OpenLDAP does not check the return value from a call to the
smr_normalize function. A remote attacker could use specially crafted
modrdn requests to crash the slapd daemon or possibly execute arbitrary
code. (CVE-2010-0211)
Using the Codenomicon LDAPv3 test suite, Ilkka Mattila and Tuomas
Salomäki discovered that OpenLDAP does not properly handle empty
RDN strings. A remote attacker could use specially crafted modrdn
requests to crash the slapd daemon. (CVE-2010-0212)
In the default installation under Ubuntu 8.04 LTS and later, attackers
would be isolated by the OpenLDAP AppArmor profile for the slapd daemon.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 9.10 | noarch | slapd | < 2.4.18-0ubuntu1.1 | UNKNOWN |
Ubuntu | 9.10 | noarch | ldap-utils | < 2.4.18-0ubuntu1.1 | UNKNOWN |
Ubuntu | 9.10 | noarch | libldap-2.4-2 | < 2.4.18-0ubuntu1.1 | UNKNOWN |
Ubuntu | 9.10 | noarch | libldap-2.4-2-dbg | < 2.4.18-0ubuntu1.1 | UNKNOWN |
Ubuntu | 9.10 | noarch | libldap2-dev | < 2.4.18-0ubuntu1.1 | UNKNOWN |
Ubuntu | 9.10 | noarch | slapd-dbg | < 2.4.18-0ubuntu1.1 | UNKNOWN |
Ubuntu | 9.04 | noarch | slapd | < 2.4.15-1ubuntu3.1 | UNKNOWN |
Ubuntu | 9.04 | noarch | ldap-utils | < 2.4.15-1ubuntu3.1 | UNKNOWN |
Ubuntu | 9.04 | noarch | libldap-2.4-2 | < 2.4.15-1ubuntu3.1 | UNKNOWN |
Ubuntu | 9.04 | noarch | libldap-2.4-2-dbg | < 2.4.15-1ubuntu3.1 | UNKNOWN |
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.965 High
EPSS
Percentile
99.6%