Launchpad CVE tracker

CVE 2010-0212

OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite.

Related bugs and status

CVE-2010-0212 (Candidate) is related to these bugs:

Bug #370784: cn=config is not documented in README.Debian

Summary				In	Importance	Status
	370784	cn=config is not documented in README.Debian		openldap (Ubuntu)	Wishlist	Fix Released

Bug #442498: openldap install bare bones need default DIT separate package

Summary				In	Importance	Status
	442498	openldap install bare bones need default DIT separate package		openldap (Ubuntu)	Wishlist	Fix Released

Bug #610561: OpenLDAP Security Fixes?

Summary				In	Importance	Status
	610561	OpenLDAP Security Fixes?		openldap (Ubuntu)	High	Fix Released

Bug #632051: Improve slapd postinst error message in case database directory can't be determined for a given LDAP suffix

Summary				In	Importance	Status
	632051	Improve slapd postinst error message in case database directory can't be determined for a given LDAP suffix		openldap (Ubuntu)	Wishlist	Triaged

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2010-0212

References