Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Debian Security Advisory DSA 2077-1 (openldap)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update to openldap announced via advisory DSA 2077-1.
Insight
Insight
Two remote vulnerabilities have been discovered in OpenLDAP. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0211 The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences. CVE-2010-0212 OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string. For the stable distribution (lenny), this problem has been fixed in version 2.4.11-1+lenny2. (The missing update for the mips architecture will be provided soon.) For the unstable distribution (sid), this problem has been fixed in version 2.4.23-1. We recommend that you upgrade your openldap packages.
Solution
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202077-1