CVE-2010-0211 — CRITICAL (9.8)

Q: How severe is CVE-2010-0211?

CVE-2010-0211 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2010-0211?

Check the references section above for vendor advisories and patch information. Affected products include: Openldap Openldap, Vmware Esxi, Opensuse Opensuse, Apple Mac Os X, Apple Mac Os X Server.

Vulnerability Description

The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Openldap	Openldap	2.4.22
Vmware	Esxi	4.0
Opensuse	Opensuse	11.0
Apple	Mac Os X	>= 10.6.0, < 10.6.5
Apple	Mac Os X Server	>= 10.6.0, < 10.6.5

Related Weaknesses (CWE)

CWE-252

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705Third Party Advisory
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.htmlMailing List
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.htmlMailing List
http://secunia.com/advisories/40639Broken LinkVendor Advisory
http://secunia.com/advisories/40677Broken LinkVendor Advisory
http://secunia.com/advisories/40687Broken LinkVendor Advisory
http://secunia.com/advisories/42787Broken Link
http://security.gentoo.org/glsa/glsa-201406-36.xmlThird Party Advisory
http://support.apple.com/kb/HT4435Issue Tracking
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6570Exploit
http://www.redhat.com/support/errata/RHSA-2010-0542.htmlBroken Link
http://www.redhat.com/support/errata/RHSA-2010-0543.htmlBroken Link
http://www.securityfocus.com/archive/1/515545/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/41770Broken LinkExploitPatch
http://www.securitytracker.com/id?1024221Broken LinkThird Party AdvisoryVDB Entry

FAQ

What is CVE-2010-0211?

CVE-2010-0211 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmen...

How severe is CVE-2010-0211?

CVE-2010-0211 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2010-0211?

Check the references section above for vendor advisories and patch information. Affected products include: Openldap Openldap, Vmware Esxi, Opensuse Opensuse, Apple Mac Os X, Apple Mac Os X Server.