<p>Upgrade <code>Debian:8</code> <code>openldap</code> to version 2.4.23-1 or higher.</p>

Access Restriction Bypass Affecting openldap package, versions <2.4.23-1

Threat Intelligence

78.93% (99^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-DEBIAN8-OPENLDAP-304632
published 28 Jul 2010
disclosed 28 Jul 2010

Report a new vulnerability Found a mistake?

Introduced: 28 Jul 2010

CVE-2010-0211 Open this link in a new tab CWE-264 Open this link in a new tab

How to fix?

Upgrade Debian:8 openldap to version 2.4.23-1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream openldap package and not the openldap package as distributed by Debian. See How to fix? for Debian:8 relevant fixed versions and status.

The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.

References

CVSS Scores

version 3.1

Attack Vector (AV)

Network
Attack Complexity (AC)

Low
Privileges Required (PR)

None
User Interaction (UI)

None

Scope (S)

Unchanged

Confidentiality (C)

High
Integrity (I)

High
Availability (A)

High