5
CVE-2012-3429
- EPSS 3.07%
- Veröffentlicht 07.08.2012 21:55:01
- Zuletzt bearbeitet 16.06.2026 23:43:12
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
LoginThe dns_to_ldap_dn_escape function in src/ldap_convert.c in bind-dyndb-ldap 1.1.0rc1 and earlier does not properly escape distinguished names (DN) for LDAP queries, which allows remote DNS servers to cause a denial of service (named service hang) via a "$" character in a DN in a DNS query.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Martin Nagy ≫ Bind-dyndb-ldap Updaterc1 Version <= 1.1.0
Martin Nagy ≫ Bind-dyndb-ldap Version0.1.0 Updatea1
Martin Nagy ≫ Bind-dyndb-ldap Version0.1.0 Updateb
Martin Nagy ≫ Bind-dyndb-ldap Version0.2.0
Martin Nagy ≫ Bind-dyndb-ldap Version1.0.0 Updateb1
Martin Nagy ≫ Bind-dyndb-ldap Version1.0.0 Updaterc1
Martin Nagy ≫ Bind-dyndb-ldap Version1.1.0 Updatea1
Martin Nagy ≫ Bind-dyndb-ldap Version1.1.0 Updatea2
Martin Nagy ≫ Bind-dyndb-ldap Version1.1.0 Updateb1
Martin Nagy ≫ Bind-dyndb-ldap Version1.1.0 Updateb2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.07% | 0.859 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://git.fedorahosted.org/cgit/bind-dyndb-ldap.git/commit/?id=f345805c73c294db42452ae966c48fbc36c48006
http://rhn.redhat.com/errata/RHSA-2012-1139.html
http://secunia.com/advisories/50086
http://secunia.com/advisories/50159
http://www.openwall.com/lists/oss-security/2012/08/02/5
http://www.securityfocus.com/bid/54787
http://www.securitytracker.com/id?1027341
https://bugzilla.redhat.com/show_bug.cgi?id=842466
https://exchange.xforce.ibmcloud.com/vulnerabilities/77391