
Debian GNU/Linux 5.0: DSA-2077-1 Critical: OpenLDAP Remote Execution

July 29, 2010
Debian has fixed two OpenLDAP vulnerabilities that allow remote denial of service and possibly arbitrary code execution. Update your packages promptly.

Summary

Two remote vulnerabilities have been discovered in OpenLDAP. The
Common Vulnerabilities and Exposures project identifies the following
problems:

CVE-2010-0211

The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does
not check the return value of a call to the smr_normalize
function, which allows remote attackers to cause a denial of
service (segmentation fault) and possibly execute arbitrary code
via a modrdn call with an RDN string containing invalid UTF-8
sequences.

CVE-2010-0212

OpenLDAP 2.4.22 allows remote attackers to cause a denial of
service (crash) via a modrdn call with a zero-length RDN
destination string.

For the stable distribution (lenny), this problem has been fixed in
version 2.4.11-1+lenny2. (The missing update for the mips
architecture will be provided soon.)

For the unstable distribution (sid), this problem has been fixed in
version 2.4.23-1.

We recommend that you upgrade your openldap packages.

Upgrade instructions
--------------------

...


Severity: critical

Package: openldap
