Vulnerabilities > CVE-2010-0211 - Unchecked Return Value vulnerability in multiple products

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
openldap
vmware
opensuse
apple
CWE-252
critical
nessus
exploit available

Summary

The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionOpenLDAP 2.4.22 'modrdn' Request Multiple Vulnerabilities. CVE-2010-0211 . Dos exploit for linux platform
idEDB-ID:34348
last seen2016-02-03
modified2010-07-19
published2010-07-19
reporterIlkka Mattila
sourcehttps://www.exploit-db.com/download/34348/
titleOpenLDAP 2.4.22 - 'modrdn' Request Multiple Vulnerabilities

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_OPENLDAP2-100712.NASL
    descriptionThe following issues have been fixed in OpenLDAP: specially crafted MODRDN operations can crash the OpenLDAP server (CVE-2010-0211 and CVE-2010-0212).
    last seen2020-06-01
    modified2020-06-02
    plugin id47819
    published2010-07-26
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47819
    titleopenSUSE Security Update : openldap2 (openSUSE-SU-2010:0427-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openldap2-2727.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(47819);
      script_version("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:37");
    
      script_cve_id("CVE-2010-0211", "CVE-2010-0212");
    
      script_name(english:"openSUSE Security Update : openldap2 (openSUSE-SU-2010:0427-1)");
      script_summary(english:"Check for the openldap2-2727 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The following issues have been fixed in OpenLDAP: specially crafted
    MODRDN operations can crash the OpenLDAP server (CVE-2010-0211 and
    CVE-2010-0212)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=612430"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2010-07/msg00036.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected openldap2 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openldap2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openldap2-back-meta");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openldap2-back-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openldap2-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openldap2-client-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openldap2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openldap2-devel-32bit");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/07/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/26");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.0", reference:"openldap2-2.4.9-7.8") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"openldap2-back-meta-2.4.9-7.8") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"openldap2-back-perl-2.4.9-7.8") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"openldap2-client-2.4.9-7.8") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"openldap2-devel-2.4.9-7.8") ) flag++;
    if ( rpm_check(release:"SUSE11.0", cpu:"x86_64", reference:"openldap2-client-32bit-2.4.9-7.8") ) flag++;
    if ( rpm_check(release:"SUSE11.0", cpu:"x86_64", reference:"openldap2-devel-32bit-2.4.9-7.8") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openldap");
    }
    
  • NASL familyMisc.
    NASL idVMWARE_VMSA-2011-0001_REMOTE.NASL
    descriptionThe remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including arbitrary code execution vulnerabilities, in several third-party components and libraries : - glibc - glibc-common - nscd - openldap - sudo
    last seen2020-06-01
    modified2020-06-02
    plugin id89673
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89673
    titleVMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0001) (remote check)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_6_5.NASL
    descriptionThe remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.5. Mac OS X 10.6.5 contains security fixes for the following products : - AFP Server - Apache mod_perl - Apache - AppKit - ATS - CFNetwork - CoreGraphics - CoreText - CUPS - Directory Services - diskdev_cmds - Disk Images - Flash Player plug-in - gzip - Image Capture - ImageIO - Image RAW - Kernel - MySQL - neon - Networking - OpenLDAP - OpenSSL - Password Server - PHP - Printing - python - QuickLook - QuickTime - Safari RSS - Time Machine - Wiki Server - X11 - xar
    last seen2020-06-01
    modified2020-06-02
    plugin id50548
    published2010-11-10
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50548
    titleMac OS X 10.6.x < 10.6.5 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBLDAP-2_4-2-100615.NASL
    descriptionSeveral issues have been fixed in OpenLDAP : - specially crafted MODRDN operations can crash the OpenLDAP server. (CVE-2010-0211 / CVE-2010-0212) - syncrepl might loose deletes in refreshAndPersist mode - DoS when handling 0-bytes
    last seen2020-06-01
    modified2020-06-02
    plugin id50933
    published2010-12-02
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50933
    titleSuSE 11 Security Update : openLDAP (SAT Patch Number 2552)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201406-36.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201406-36 (OpenLDAP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenLDAP. Please review the CVE identifiers referenced below for details. Impact : A remote attacker might employ a specially crafted certificate to conduct man-in-the-middle attacks on SSL connections made using OpenLDAP, bypass security restrictions or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id76331
    published2014-07-01
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/76331
    titleGLSA-201406-36 : OpenLDAP: Multiple vulnerabilities
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2077.NASL
    descriptionTwo remote vulnerabilities have been discovered in OpenLDAP. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-0211 The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences. - CVE-2010-0212 OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string.
    last seen2020-06-01
    modified2020-06-02
    plugin id48220
    published2010-08-03
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/48220
    titleDebian DSA-2077-1 : openldap - several vulnerabilities
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2011-0001.NASL
    descriptiona. Service Console update for glibc The service console packages glibc, glibc-common, and nscd are each updated to version 2.5-34.4908.vmw. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3847 and CVE-2010-3856 to the issues addressed in this update. b. Service Console update for sudo The service console package sudo is updated to version 1.7.2p1-8.el5_5. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-2956 to the issue addressed in this update. c. Service Console update for openldap The service console package openldap is updated to version 2.3.43-12.el5_5.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0211 and CVE-2010-0212 to the issues addressed in this update.
    last seen2020-06-01
    modified2020-06-02
    plugin id51422
    published2011-01-06
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51422
    titleVMSA-2011-0001 : VMware ESX third-party updates for Service Console packages glibc, sudo, and openldap
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-142.NASL
    descriptionMultiple vulnerabilities has been discovered and corrected in openldap : The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite (CVE-2010-0211). OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite (CVE-2010-0212). Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=4 90 The updated packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id48200
    published2010-07-30
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/48200
    titleMandriva Linux Security Advisory : openldap (MDVSA-2010:142)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBLDAP-2_4-2-100616.NASL
    descriptionSeveral issues have been fixed in OpenLDAP : - specially crafted MODRDN operations can crash the OpenLDAP server. (CVE-2010-0211 / CVE-2010-0212) - syncrepl might loose deletes in refreshAndPersist mode
    last seen2020-06-01
    modified2020-06-02
    plugin id51616
    published2011-01-21
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/51616
    titleSuSE 11.1 Security Update : openLDAP (SAT Patch Number 2551)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-11319.NASL
    description - fixed regression caused by tls accept patch - updated autofs schema - openldap built with conectionless support Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id50428
    published2010-11-01
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50428
    titleFedora 12 : openldap-2.4.19-6.fc12 (2010-11319)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0622.NASL
    descriptionUpdated rhev-hypervisor packages that fix multiple security issues and two bugs are now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. It was found that the libspice component of QEMU-KVM on the host did not validate all pointers provided from a guest system
    last seen2020-06-01
    modified2020-06-02
    plugin id79276
    published2014-11-17
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79276
    titleRHEL 5 : rhev-hypervisor (RHSA-2010:0622)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_LIBLDAP-2_4-2-100707.NASL
    descriptionThe following issues have been fixed in OpenLDAP: specially crafted MODRDN operations can crash the OpenLDAP server (CVE-2010-0211 and CVE-2010-0212). also fixed were following bugs : - adding a
    last seen2020-06-01
    modified2020-06-02
    plugin id48754
    published2010-08-26
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/48754
    titleopenSUSE Security Update : libldap-2_4-2 (openSUSE-SU-2010:0547-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12624.NASL
    descriptionThis update fixes two denial of service bugs in the openldap server while handling MODRDN operations. (CVE-2010-0211 and CVE-2010-0212)
    last seen2020-06-01
    modified2020-06-02
    plugin id48752
    published2010-08-26
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/48752
    titleSuSE9 Security Update : openLDAP2 (YOU Patch Number 12624)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_OPENLDAP2-7074.NASL
    descriptionSeveral issues have been fixed in OpenLDAP: - specially crafted MODRDN operations can crash the OpenLDAP server. (CVE-2010-0211 / CVE-2010-0212) - syncrepl might loose deletes in refreshAndPersist mode - replicating from a SLES11 master to a SLES10 slave can cause inconsistencies - libldap hangs with 100% CPU when referral chasing is enabled
    last seen2020-06-01
    modified2020-06-02
    plugin id49907
    published2010-10-11
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49907
    titleSuSE 10 Security Update : openLDAP (ZYPP Patch Number 7074)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0542.NASL
    descriptionUpdated openldap packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. Multiple flaws were discovered in the way the slapd daemon handled modify relative distinguished name (modrdn) requests. An authenticated user with privileges to perform modrdn operations could use these flaws to crash the slapd daemon via specially crafted modrdn requests. (CVE-2010-0211, CVE-2010-0212) Red Hat would like to thank CERT-FI for responsibly reporting these flaws, who credit Ilkka Mattila and Tuomas Salomaki for the discovery of the issues. Users of OpenLDAP should upgrade to these updated packages, which contain a backported patch to correct these issues. After installing this update, the OpenLDAP daemons will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id47877
    published2010-07-28
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47877
    titleRHEL 5 : openldap (RHSA-2010:0542)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0543.NASL
    descriptionFrom Red Hat Security Advisory 2010:0543 : Updated openldap packages that fix two security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. An uninitialized pointer use flaw was discovered in the way the slapd daemon handled modify relative distinguished name (modrdn) requests. An authenticated user with privileges to perform modrdn operations could use this flaw to crash the slapd daemon via specially crafted modrdn requests. (CVE-2010-0211) Red Hat would like to thank CERT-FI for responsibly reporting the CVE-2010-0211 flaw, who credit Ilkka Mattila and Tuomas Salomaki for the discovery of the issue. A flaw was found in the way OpenLDAP handled NUL characters in the CommonName field of X.509 certificates. An attacker able to get a carefully-crafted certificate signed by a trusted Certificate Authority could trick applications using OpenLDAP libraries into accepting it by mistake, allowing the attacker to perform a man-in-the-middle attack. (CVE-2009-3767) Users of OpenLDAP should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, the OpenLDAP daemons will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id68065
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68065
    titleOracle Linux 4 : openldap (ELSA-2010-0543)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0542.NASL
    descriptionUpdated openldap packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. Multiple flaws were discovered in the way the slapd daemon handled modify relative distinguished name (modrdn) requests. An authenticated user with privileges to perform modrdn operations could use these flaws to crash the slapd daemon via specially crafted modrdn requests. (CVE-2010-0211, CVE-2010-0212) Red Hat would like to thank CERT-FI for responsibly reporting these flaws, who credit Ilkka Mattila and Tuomas Salomaki for the discovery of the issues. Users of OpenLDAP should upgrade to these updated packages, which contain a backported patch to correct these issues. After installing this update, the OpenLDAP daemons will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id47789
    published2010-07-22
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47789
    titleCentOS 5 : openldap (CESA-2010:0542)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-11343.NASL
    description - Tue Jul 20 2010 Jan Vcelak <jvcelak at redhat.com> - 2.4.21-10 - CVE-2010-0211 openldap: modrdn processing uninitialized pointer free (#605448) - CVE-2010-0212 openldap: modrdn processing IA5StringNormalize NULL pointer dereference (#605452) - obsolete configuration file moved to /usr/share/openldap-servers (#612602) - Thu Jul 1 2010 Jan Zeleny <jzeleny at redhat.com> - 2.4.21-9 - another shot at previous fix - Wed Jun 30 2010 Jan Zeleny <jzeleny at redhat.com> - 2.4.21-8 - fixed issue with owner of /usr/lib/ldap/__db.* (#609523) - Thu May 27 2010 Jan Zeleny <jzeleny at redhat.com> - 2.4.21-7 - updated autofs schema (#587722) - openldap built with conectionless support (#587722) - Fri Mar 19 2010 Jan Zeleny <jzeleny at redhat.com> - 2.4.21-6 - moved slapd to start earlier during boot sequence - Tue Mar 16 2010 Jan Zeleny <jzeleny at redhat.com> - 2.4.21-5 - minor corrections of init script (#571235, #570057, #573804) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id48410
    published2010-08-24
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/48410
    titleFedora 13 : openldap-2.4.21-10.fc13 (2010-11343)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20100720_OPENLDAP_ON_SL5_X.NASL
    descriptionMultiple flaws were discovered in the way the slapd daemon handled modify relative distinguished name (modrdn) requests. An authenticated user with privileges to perform modrdn operations could use these flaws to crash the slapd daemon via specially crafted modrdn requests. (CVE-2010-0211, CVE-2010-0212) After installing this update, the OpenLDAP daemons will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id60819
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60819
    titleScientific Linux Security Update : openldap on SL5.x i386/x86_64
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0542.NASL
    descriptionFrom Red Hat Security Advisory 2010:0542 : Updated openldap packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. Multiple flaws were discovered in the way the slapd daemon handled modify relative distinguished name (modrdn) requests. An authenticated user with privileges to perform modrdn operations could use these flaws to crash the slapd daemon via specially crafted modrdn requests. (CVE-2010-0211, CVE-2010-0212) Red Hat would like to thank CERT-FI for responsibly reporting these flaws, who credit Ilkka Mattila and Tuomas Salomaki for the discovery of the issues. Users of OpenLDAP should upgrade to these updated packages, which contain a backported patch to correct these issues. After installing this update, the OpenLDAP daemons will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id68064
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68064
    titleOracle Linux 5 : openldap (ELSA-2010-0542)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_LIBLDAP-2_4-2-100707.NASL
    descriptionThe following issues have been fixed in OpenLDAP: specially crafted MODRDN operations can crash the OpenLDAP server (CVE-2010-0211 and CVE-2010-0212). also fixed was following bug : - Delete Operations happening during the
    last seen2020-06-01
    modified2020-06-02
    plugin id48756
    published2010-08-26
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/48756
    titleopenSUSE Security Update : libldap-2_4-2 (openSUSE-SU-2010:0546-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0543.NASL
    descriptionUpdated openldap packages that fix two security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. An uninitialized pointer use flaw was discovered in the way the slapd daemon handled modify relative distinguished name (modrdn) requests. An authenticated user with privileges to perform modrdn operations could use this flaw to crash the slapd daemon via specially crafted modrdn requests. (CVE-2010-0211) Red Hat would like to thank CERT-FI for responsibly reporting the CVE-2010-0211 flaw, who credit Ilkka Mattila and Tuomas Salomaki for the discovery of the issue. A flaw was found in the way OpenLDAP handled NUL characters in the CommonName field of X.509 certificates. An attacker able to get a carefully-crafted certificate signed by a trusted Certificate Authority could trick applications using OpenLDAP libraries into accepting it by mistake, allowing the attacker to perform a man-in-the-middle attack. (CVE-2009-3767) Users of OpenLDAP should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, the OpenLDAP daemons will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id47790
    published2010-07-22
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47790
    titleCentOS 4 : openldap (CESA-2010:0543)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-965-1.NASL
    descriptionUsing the Codenomicon LDAPv3 test suite, Ilkka Mattila and Tuomas Salomaki discovered that the slap_modrdn2mods function in modrdn.c in OpenLDAP does not check the return value from a call to the smr_normalize function. A remote attacker could use specially crafted modrdn requests to crash the slapd daemon or possibly execute arbitrary code. (CVE-2010-0211) Using the Codenomicon LDAPv3 test suite, Ilkka Mattila and Tuomas Salomaki discovered that OpenLDAP does not properly handle empty RDN strings. A remote attacker could use specially crafted modrdn requests to crash the slapd daemon. (CVE-2010-0212) In the default installation under Ubuntu 8.04 LTS and later, attackers would be isolated by the OpenLDAP AppArmor profile for the slapd daemon. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id48282
    published2010-08-10
    reporterUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/48282
    titleUbuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : openldap, openldap2.2, openldap2.3 vulnerabilities (USN-965-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0543.NASL
    descriptionUpdated openldap packages that fix two security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. An uninitialized pointer use flaw was discovered in the way the slapd daemon handled modify relative distinguished name (modrdn) requests. An authenticated user with privileges to perform modrdn operations could use this flaw to crash the slapd daemon via specially crafted modrdn requests. (CVE-2010-0211) Red Hat would like to thank CERT-FI for responsibly reporting the CVE-2010-0211 flaw, who credit Ilkka Mattila and Tuomas Salomaki for the discovery of the issue. A flaw was found in the way OpenLDAP handled NUL characters in the CommonName field of X.509 certificates. An attacker able to get a carefully-crafted certificate signed by a trusted Certificate Authority could trick applications using OpenLDAP libraries into accepting it by mistake, allowing the attacker to perform a man-in-the-middle attack. (CVE-2009-3767) Users of OpenLDAP should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, the OpenLDAP daemons will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id47878
    published2010-07-28
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47878
    titleRHEL 4 : openldap (RHSA-2010:0543)

Redhat

advisories
  • bugzilla
    id605448
    titleCVE-2010-0211 openldap: modrdn processing uninitialized pointer free
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • commentopenldap-devel is earlier than 0:2.2.13-12.el4_8.3
            ovaloval:com.redhat.rhsa:tst:20100543001
          • commentopenldap-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20070310006
        • AND
          • commentopenldap-servers-sql is earlier than 0:2.2.13-12.el4_8.3
            ovaloval:com.redhat.rhsa:tst:20100543003
          • commentopenldap-servers-sql is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20070310010
        • AND
          • commentopenldap-servers is earlier than 0:2.2.13-12.el4_8.3
            ovaloval:com.redhat.rhsa:tst:20100543005
          • commentopenldap-servers is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20070310012
        • AND
          • commentopenldap-clients is earlier than 0:2.2.13-12.el4_8.3
            ovaloval:com.redhat.rhsa:tst:20100543007
          • commentopenldap-clients is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20070310004
        • AND
          • commentcompat-openldap is earlier than 0:2.1.30-12.el4_8.3
            ovaloval:com.redhat.rhsa:tst:20100543009
          • commentcompat-openldap is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20070310008
        • AND
          • commentopenldap is earlier than 0:2.2.13-12.el4_8.3
            ovaloval:com.redhat.rhsa:tst:20100543011
          • commentopenldap is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20070310002
    rhsa
    idRHSA-2010:0543
    released2010-07-20
    severityModerate
    titleRHSA-2010:0543: openldap security update (Moderate)
  • rhsa
    idRHSA-2010:0542
rpms
  • compat-openldap-0:2.3.43_2.2.29-12.el5_5.1
  • openldap-0:2.3.43-12.el5_5.1
  • openldap-clients-0:2.3.43-12.el5_5.1
  • openldap-debuginfo-0:2.3.43-12.el5_5.1
  • openldap-devel-0:2.3.43-12.el5_5.1
  • openldap-servers-0:2.3.43-12.el5_5.1
  • openldap-servers-overlays-0:2.3.43-12.el5_5.1
  • openldap-servers-sql-0:2.3.43-12.el5_5.1
  • compat-openldap-0:2.1.30-12.el4_8.3
  • openldap-0:2.2.13-12.el4_8.3
  • openldap-clients-0:2.2.13-12.el4_8.3
  • openldap-debuginfo-0:2.2.13-12.el4_8.3
  • openldap-devel-0:2.2.13-12.el4_8.3
  • openldap-servers-0:2.2.13-12.el4_8.3
  • openldap-servers-sql-0:2.2.13-12.el4_8.3

References