5

CVE-2010-0212

Exploit
OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenldapOpenldap Version2.4.22
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.22% 0.926
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
http://support.apple.com/kb/HT4435
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
http://security.gentoo.org/glsa/glsa-201406-36.xml
http://www.vupen.com/english/advisories/2010/1858
Vendor Advisory
http://secunia.com/advisories/40639
Vendor Advisory
http://secunia.com/advisories/40687
Vendor Advisory
http://secunia.com/advisories/42787
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6570
Exploit
http://www.redhat.com/support/errata/RHSA-2010-0542.html
http://www.securityfocus.com/archive/1/515545/100/0/threaded
http://www.securityfocus.com/bid/41770
Patch
Exploit
http://www.securitytracker.com/id?1024221
http://www.vmware.com/security/advisories/VMSA-2011-0001.html
http://www.vupen.com/english/advisories/2010/1849
Patch
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0025