Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

None

Attack Vector

Network

0

CVE-2010-0211

Disclosure Date: July 28, 2010 •

CVE-2010-0211 CVSS v3 Base Score: 9.8

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

9.8 Critical

Impact Score:

5.9

Exploitability Score:

3.9

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

apple,
openldap,
opensuse,
vmware

Products

esxi 4.0,
esxi 4.1,
mac os x,
mac os x server,
openldap 2.4.22,
opensuse 11.0

References

Canonical

CVE-2010-0211 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0211)

BID-41770 (http://www.securityfocus.com/bid/41770)

Advisory

SECTRACK-1024221 (http://www.securitytracker.com/id?1024221)

http://support.apple.com/kb/HT4435

GLSA-201406-36 (http://security.gentoo.org/glsa/glsa-201406-36.xml)

http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6570

http://www.vmware.com/security/advisories/VMSA-2011-0001.html

ADV-2010-1858 (http://www.vupen.com/english/advisories/2010/1858)

SECUNIA-40677 (http://secunia.com/advisories/40677)

APPLE-SA-2010-11-10-1 (http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html)

ADV-2010-1849 (http://www.vupen.com/english/advisories/2010/1849)

http://www.redhat.com/support/errata/RHSA-2010-0542.html

SECUNIA-40687 (http://secunia.com/advisories/40687)

20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap (http://www.securityfocus.com/archive/1/515545/100/0/threaded)

http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

http://www.redhat.com/support/errata/RHSA-2010-0543.html

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

SECUNIA-40639 (http://secunia.com/advisories/40639)

SECUNIA-42787 (http://secunia.com/advisories/42787)

ADV-2011-0025 (http://www.vupen.com/english/advisories/2011/0025)

Rapid7

Technical Analysis