Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2011-4079
HistoryOct 27, 2011 - 12:00 a.m.

CVE-2011-4079

2011-10-2700:00:00
ubuntu.com
ubuntu.com
11

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.04 Low

EPSS

Percentile

91.9%

JSON

Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and
earlier allows remote attackers to cause a denial of service (slapd crash)
via a zero-length string that triggers a heap-based buffer overflow, as
demonstrated using an empty postalAddressAttribute value in an LDIF entry.

Bugs

Notes

Author Note
tyhicks Per Red Hat, this may not be exploitable due to properties of the memory allocator.
jdstrand patch requires http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=patch;h=d0dd8616f1c68a868afeb8c2c5c09969e366e2c0 while bug exists since 2003, postalAddressValidate() is only function that could pass a 0-length string, and this is not present in 8.04 LTS. while RedHat claims heap implementation makes this not exploitable, will patch Ubuntu 10.04 and higher just in case the evaluation is incorrect.
OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchopenldap< 2.4.21-0ubuntu5.6UNKNOWN
ubuntu10.10noarchopenldap< 2.4.23-0ubuntu3.7UNKNOWN
ubuntu11.04noarchopenldap< 2.4.23-6ubuntu6.1UNKNOWN
ubuntu11.10noarchopenldap< 2.4.25-1.1ubuntu4.1UNKNOWN

Related

prion 1
ubuntu 1
openvas 4
debiancve 1
nessus 2
cve 1
securityvulns 2
gentoo 1
prion
prion
Heap overflow
2011-10-27 20:55:00
ubuntu
ubuntu
OpenLDAP vulnerability
2011-11-17 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-1266-1)
2011-11-18 00:00:00
Ubuntu Update for openldap USN-1266-1
2011-11-18 00:00:00
OpenLDAP < 2.4.27 DoS Vulnerability
2021-11-02 00:00:00
debiancve
debiancve
CVE-2011-4079
2011-10-27 20:55:00
nessus
nessus
Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : openldap vulnerability (USN-1266-1)
2011-11-18 00:00:00
GLSA-201406-36 : OpenLDAP: Multiple vulnerabilities
2014-07-01 00:00:00
cve
cve
CVE-2011-4079
2011-10-27 20:55:00
securityvulns
securityvulns
OpenLDAP buffer overflow
2011-11-20 00:00:00
[USN-1266-1] OpenLDAP vulnerability
2011-11-20 00:00:00
gentoo
gentoo
OpenLDAP: Multiple vulnerabilities
2014-06-30 00:00:00

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.04 Low

EPSS

Percentile

91.9%

JSON
Related for UB:CVE-2011-4079
prion1ubuntu1openvas4debiancve1nessus2cve1securityvulns2gentoo1