Back to search
CVE-2012-3429
Published: Aug 7, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
The dns_to_ldap_dn_escape function in src/ldap_convert.c in bind-dyndb-ldap 1.1.0rc1 and earlier does not properly escape distinguished names (DN) for LDAP queries, which allows remote DNS servers to cause a denial of service (named service hang) via a "$" character in a DN in a DNS query.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
1027341
vdb-entry
x_refsource_SECTRACK
RHSA-2012:1139
vendor-advisory
x_refsource_REDHAT
binddyndbldap-dnstoldapdnescape-dos(77391)
vdb-entry
x_refsource_XF
50159
third-party-advisory
x_refsource_SECUNIA
50086
third-party-advisory
x_refsource_SECUNIA
[oss-security] 20120802 bind-dyndb-ldap DoS CVE-2012-3429
mailing-list
x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=842466
x_refsource_MISC
54787
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now