CVE-2010-0212
Published: Jul 27, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| 1024221 | vdb-entry, x_refsource_SECTRACK |
| http://support.apple.com/kb/HT4435 | x_refsource_CONFIRM |
| GLSA-201406-36 | vendor-advisory, x_refsource_GENTOO |
| http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6570 | x_refsource_CONFIRM |
| http://www.vmware.com/security/advisories/VMSA-2011-0001.html | x_refsource_CONFIRM |
| ADV-2010-1858 | vdb-entry, x_refsource_VUPEN |
| APPLE-SA-2010-11-10-1 | vendor-advisory, x_refsource_APPLE |
| ADV-2010-1849 | vdb-entry, x_refsource_VUPEN |
| 41770 | vdb-entry, x_refsource_BID |
| RHSA-2010:0542 | vendor-advisory, x_refsource_REDHAT |
| 40687 | third-party-advisory, x_refsource_SECUNIA |
| 20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap | mailing-list, x_refsource_BUGTRAQ |
| SUSE-SR:2010:014 | vendor-advisory, x_refsource_SUSE |
| http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 | x_refsource_CONFIRM |
| 40639 | third-party-advisory, x_refsource_SECUNIA |
| 42787 | third-party-advisory, x_refsource_SECUNIA |
| ADV-2011-0025 | vdb-entry, x_refsource_VUPEN |
| http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 | x_refsource_CONFIRM |