Summary
The remote host is missing an update to openldap announced via advisory DSA 2077-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202077-1
Insight
Two remote vulnerabilities have been discovered in OpenLDAP. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2010-0211
The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences.
CVE-2010-0212
OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string.
For the stable distribution (lenny), these problems have been fixed in version 2.4.11-1+lenny2. (The missing update for the mips architecture will be provided soon.)
For the unstable distribution (sid), these problems have been fixed in version 2.4.23-1.
We recommend that you upgrade your openldap packages.
Severity
Classification
CVE: CVE-2010-0211, CVE-2010-0212
CVSS Base Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P