Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в OpenLDAP
Опубликовано:30 июля 2010 г.
Источник:
SecurityVulns ID:11025
Тип:удаленная
Уровень опасности:
6/10
Описание:Повреждения памяти, DoS-условия.
Затронутые продукты:OPENLDAP : OpenLDAP 2.4
CVE:CVE-2010-0212 (OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite.)
 CVE-2010-0211 (The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.)
Оригинальный текстdocumentMANDRIVA, [ MDVSA-2010:142 ] openldap (30.07.2010)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород