CVE-2011-1081 – OpenLDAP 2.4.x - 'modrdn' NULL OldDN Remote Denial of Service
https://notcve.org/view.php?id=CVE-2011-1081
modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field. modrdn.c en slapd en OpenLDAP v2.4.x anterior a v2.4.24 permite a atacantes remotos provocar una denegación de servicio (caída de demonio) mediante una petición de modificación del nombre completo relativo (DN) (también conocido como operación MODRDN) que contiene un valor vacío para el campo OldDN. • https://www.exploit-db.com/exploits/35445 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://openwall.com/lists/oss-security/2011/02/28/1 http://openwall.com/lists/oss-security/2011/02/28/2 http://openwall.com/lists/oss-security/2011/03/01/11 http://openwall.com/lists/oss-security/2011/03/01/15 http://secunia.com/advisories/43331 http://secunia.com/advisories/43718 http://security.gentoo.org/glsa/glsa-201406-36.xml http://securitytrac • CWE-399: Resource Management Errors •
CVE-2010-0212 – openldap: modrdn processing IA5StringNormalize NULL pointer dereference
https://notcve.org/view.php?id=CVE-2010-0212
OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite. OpenLDAP 2.4.22 permite a atacantes remotos provocar una denegación de servicio(caída) a través de una llamada modrdn con una cadena de destino RDN con longitud cero, que no es manejada adecuadamente por la función smr_normalize y que provoca una deferencia a puntero nulo en la función IA5StringNormalize en schema_init.c, como se ha demostrado usando la suite de pruebas Codenomicon LDAPv3. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://secunia.com/advisories/40639 http://secunia.com/advisories/40687 http://secunia.com/advisories/42787 http://security.gentoo.org/glsa/glsa-201406-36.xml http://support.apple.com/kb/HT4435 http://www • CWE-264: Permissions, Privileges, and Access Controls CWE-476: NULL Pointer Dereference •
CVE-2010-0211 – OpenLDAP 2.4.22 - 'modrdn' Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-0211
The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite. La función slap_modrdn2mods en modrdn.c en OpenLDAP v2.4.22 no comprueba el valor de retorno de la llamada a la función smr_normalize, lo que permite a atacantes remotos provocar una denegación de servicio (fallo de segmentación) y posiblemente ejecución de comandos de su elección a través de una llamada a modrdn call con una cadena RDN que contenga secuencias UTF-8 inválidas, lo que provocará la liberación de un puntero no válido ni inicializado en la función slap_mods_free, como se demostró usando la suite de test Codenomicon LDAPv3. • https://www.exploit-db.com/exploits/34348 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://secunia.com/advisories/40639 http://secunia.com/advisories/40677 http://secunia.com/advisories/40687 http://secunia.com/advisories/42787 http://security.gentoo.org/glsa/glsa-201406-36.xml http://support.apple.com/kb/H • CWE-252: Unchecked Return Value •
CVE-2009-3767 – OpenLDAP: Doesn't properly handle NULL character in subject Common Name
https://notcve.org/view.php?id=CVE-2009-3767
libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. libraries/libldap/tls_o.c en OpenLDAP, cuando se usa OpenSSL, no maneja de forma adecuada el caracter '\0' en un nombre de dominio, dentro del campo sujeto del Common Name (CN) en los certificados X.509, lo que permite a atacantes man-in-the-middle, espíar servidores SSL de su elección a través de certificados manipulados concedidos por Autoridades Certificadoras, esta relacionado con CVE-2009-2408. • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036138.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html http://marc.info/?l=oss-security&m=125198917018936&w=2 http://marc.info/?l=oss-security&m=125369675820512&w=2 http://secunia.com/advisories/38769 http://secunia.com/advisories/40677 http://security.gentoo.org/glsa/glsa-201406-36.xml http://support.apple. • CWE-295: Improper Certificate Validation •
CVE-2008-2952 – OpenLDAP BER Decoding Remote DoS Vulnerability
https://notcve.org/view.php?id=CVE-2008-2952
liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error. El archivo liblber/io.c en OpenLDAP versiones 2.2.4 hasta 2.4.10, permite a los atacantes remotos causar una denegación de servicio (finalización del programa) por medio de datagramas ASN.1 BER diseñados que desencadenan un error de aserción. This vulnerability allows remote attackers to deny services on vulnerable installations of OpenLDAP. Authentication is not required to exploit this vulnerability. The specific flaw exists in the decoding of ASN.1 BER network datagrams. When the size of a BerElement is specified incorrectly, the application will trigger an assert(), leading to abnormal program termination. • https://www.exploit-db.com/exploits/32000 http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html http://secunia.com/advisories/30853 http://secunia.com/advisories/30917 http://secunia.com/advisories/30996 http://secunia.com/advisories/31326 http://secunia.com/advisories/31364 http://secunia.com/advisories/31436 http://secunia.com/advisories/32254 http://secunia.com/advisories/32316 http • CWE-399: Resource Management Errors •