QwikSec

Security Database

CVE

CWE

Training

CVE-2010-0211

Published: Jul 27, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_SECTRACK

http://support.apple.com/kb/HT4435

x_refsource_CONFIRM

vendor-advisory

x_refsource_GENTOO

http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6570

x_refsource_CONFIRM

http://www.vmware.com/security/advisories/VMSA-2011-0001.html

x_refsource_CONFIRM

vdb-entry

x_refsource_VUPEN

third-party-advisory

x_refsource_SECUNIA

APPLE-SA-2010-11-10-1

vendor-advisory

x_refsource_APPLE

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_REDHAT

third-party-advisory

x_refsource_SECUNIA

20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap

mailing-list

x_refsource_BUGTRAQ

SUSE-SR:2010:014

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_REDHAT

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_VUPEN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2010-0211 - Security Vulnerability | QwikSec