Lucene search

K
ubuntucveUbuntu.comUB:CVE-2010-0212
HistoryJul 28, 2010 - 12:00 a.m.

CVE-2010-0212

2010-07-2800:00:00
ubuntu.com
ubuntu.com
8

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.965

Percentile

99.6%

OpenLDAP 2.4.22 allows remote attackers to cause a denial of service
(crash) via a modrdn call with a zero-length RDN destination string, which
is not properly handled by the smr_normalize function and triggers a NULL
pointer dereference in the IA5StringNormalize function in schema_init.c, as
demonstrated using the Codenomicon LDAPv3 test suite.

OSVersionArchitecturePackageVersionFilename
ubuntu9.04noarchopenldap< 2.4.15-1ubuntu3.1UNKNOWN
ubuntu9.10noarchopenldap< 2.4.18-0ubuntu1.1UNKNOWN
ubuntu10.04noarchopenldap< 2.4.21-0ubuntu5.2UNKNOWN
ubuntu6.06noarchopenldap2.2< 2.2.26-5ubuntu2.10UNKNOWN
ubuntu8.04noarchopenldap2.3< 2.4.9-0ubuntu0.8.04.4UNKNOWN

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.965

Percentile

99.6%