Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2010-0212

Disclosure Date: July 28, 2010 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

openldap

Products

openldap 2.4.22

References

Canonical

CVE-2010-0212 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0212)

BID-41770 (http://www.securityfocus.com/bid/41770)

Advisory

SECTRACK-1024221 (http://www.securitytracker.com/id?1024221)

http://support.apple.com/kb/HT4435

GLSA-201406-36 (http://security.gentoo.org/glsa/glsa-201406-36.xml)

http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6570

http://www.vmware.com/security/advisories/VMSA-2011-0001.html

ADV-2010-1858 (http://www.vupen.com/english/advisories/2010/1858)

APPLE-SA-2010-11-10-1 (http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html)

ADV-2010-1849 (http://www.vupen.com/english/advisories/2010/1849)

http://www.redhat.com/support/errata/RHSA-2010-0542.html

SECUNIA-40687 (http://secunia.com/advisories/40687)

20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap (http://www.securityfocus.com/archive/1/515545/100/0/threaded)

http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

SECUNIA-40639 (http://secunia.com/advisories/40639)

SECUNIA-42787 (http://secunia.com/advisories/42787)

ADV-2011-0025 (http://www.vupen.com/english/advisories/2011/0025)

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735

Rapid7

Technical Analysis