Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2010-0211

Disclosure Date: July 28, 2010 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

openldap

Products

openldap 2.4.22

References

Canonical

CVE-2010-0211 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0211)

BID-41770 (http://www.securityfocus.com/bid/41770)

Advisory

SECTRACK-1024221 (http://www.securitytracker.com/id?1024221)

http://support.apple.com/kb/HT4435

GLSA-201406-36 (http://security.gentoo.org/glsa/glsa-201406-36.xml)

http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6570

http://www.vmware.com/security/advisories/VMSA-2011-0001.html

ADV-2010-1858 (http://www.vupen.com/english/advisories/2010/1858)

SECUNIA-40677 (http://secunia.com/advisories/40677)

APPLE-SA-2010-11-10-1 (http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html)

ADV-2010-1849 (http://www.vupen.com/english/advisories/2010/1849)

http://www.redhat.com/support/errata/RHSA-2010-0542.html

SECUNIA-40687 (http://secunia.com/advisories/40687)

20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap (http://www.securityfocus.com/archive/1/515545/100/0/threaded)

http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

http://www.redhat.com/support/errata/RHSA-2010-0543.html

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

SECUNIA-40639 (http://secunia.com/advisories/40639)

SECUNIA-42787 (http://secunia.com/advisories/42787)

ADV-2011-0025 (http://www.vupen.com/english/advisories/2011/0025)

Rapid7

Technical Analysis