Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 493
Alerts This Week
Warning Icon 1 493

Debian GNU/Linux 5.0: DSA-2077-1 Critical: OpenLDAP Remote Execution

debian
Calendar Grey July 29, 2010
Debian Logo
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----------------------------------------------------
Two remote vulnerabilities have been discovered in OpenLDAP

Summary

Two remote vulnerabilities have been discovered in OpenLDAP. The
Common Vulnerabilities and Exposures project identifies the following
problems:

CVE-2010-0211

The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does
not check the return value of a call to the smr_normalize
function, which allows remote attackers to cause a denial of
service (segmentation fault) and possibly execute arbitrary code
via a modrdn call with an RDN string containing invalid UTF-8
sequences.

CVE-2010-0212

OpenLDAP 2.4.22 allows remote attackers to cause a denial of
service (crash) via a modrdn call with a zero-length RDN
destination string.

For the stable distribution (lenny), this problem has been fixed in
version 2.4.11-1+lenny2. (The missing update for the mips
architecture will be provided soon.)

For the unstable distribution (sid), this problem has been fixed in
version 2.4.23-1.

We recommend that you upgrade your openldap packages.

Upgrade instructions
- --------------------

...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Package: openldap

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.