Vulnerability Name:

CVE-2012-1164 (CCN-76521)

Assigned: 2012-01-29
Published: 2012-01-29
Updated: 2017-01-07
Summary: slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)
1.9 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
5.0 Medium (REDHAT CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-119
Vulnerability Consequences: Denial of Service
References: Source: MITRE
Type: CNA
CVE-2012-1164

Source: CCN
Type: RHSA-2012-0899
Low: openldap security and bug fix update

Source: REDHAT
Type: UNKNOWN
RHSA-2012:0899

Source: FULLDISC
Type: UNKNOWN
20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra

Source: CCN
Type: SA48372
OpenLDAP Attributes Only LDAP Search Denial of Service Vulnerability

Source: SECUNIA
Type: Vendor Advisory
48372

Source: SECUNIA
Type: Vendor Advisory
49607

Source: GENTOO
Type: UNKNOWN
GLSA-201406-36

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2012:130

Source: CONFIRM
Type: Vendor Advisory
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7143

Source: CCN
Type: openldap-its
Mozilla NSS: default cipher suite always selected

Source: CCN
Type: OpenLDAP Web Site
2.4.31 Release Changes

Source: CONFIRM
Type: UNKNOWN
http://www.openldap.org/software/release/changes.html

Source: CCN
Type: OSVDB ID: 80086
OpenLDAP Attributes Only LDAP Search Request Parsing Remote DoS

Source: BID
Type: UNKNOWN
52404

Source: CCN
Type: BID-52404
OpenLDAP LDAP Search Request Remote Denial of Service Vulnerability

Source: XF
Type: UNKNOWN
openldap-search-dos(76521)

Source: BUGTRAQ
Type: UNKNOWN
20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra

Source: CCN
Type: Apple security document HT210788
About the security content of macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra

Source: CONFIRM
Type: UNKNOWN
https://support.apple.com/kb/HT210788

Vulnerable Configuration: Configuration 1:
  • cpe:/a:openldap:openldap:2.4.6:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.4.7:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.4.8:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.4.9:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.4.10:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.4.11:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.4.12:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.4.13:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.4.14:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.4.15:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.4.16:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.4.17:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.4.18:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.4.19:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.4.20:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.4.21:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.4.22:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.4.23:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.4.24:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.4.25:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.4.26:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.4.27:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.4.28:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:*:*:*:*:*:*:*:* (Version <= 2.4.29)

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:openldap:openldap:2.4.22:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.4.23:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.4.24:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.4.25:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.4.26:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.4.27:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.4.28:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.4.29:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.4.30:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20121164
    V
    CVE-2012-1164
    2022-05-20
    oval:org.opensuse.security:def:42282
    P
    Security update for the Linux Kernel (Important)
    2022-05-16
    oval:org.opensuse.security:def:26225
    P
    Security update for libsndfile (Important)
    2022-01-05
    oval:org.opensuse.security:def:33062
    P
    Security update for gettext-runtime (Moderate)
    2021-12-14
    oval:org.opensuse.security:def:26181
    P
    Security update for mozilla-nss (Important)
    2021-12-06
    oval:org.opensuse.security:def:32231
    P
    Security update for clamav (Moderate)
    2021-12-01
    oval:org.opensuse.security:def:31709
    P
    Security update for java-1_8_0-openjdk (Important)
    2021-11-23
    oval:org.opensuse.security:def:26152
    P
    Security update for postgresql10 (Important)
    2021-10-20
    oval:org.opensuse.security:def:33023
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:26143
    P
    Security update for curl (Moderate)
    2021-10-11
    oval:org.opensuse.security:def:32180
    P
    Security update for file (Important)
    2021-09-02
    oval:org.opensuse.security:def:32175
    P
    Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP3) (Important)
    2021-08-25
    oval:org.opensuse.security:def:26104
    P
    Security update for libcares2 (Important)
    2021-08-16
    oval:org.opensuse.security:def:32162
    P
    Security update for libcares2 (Important)
    2021-08-16
    oval:org.opensuse.security:def:26100
    P
    Security update for djvulibre (Important)
    2021-08-05
    oval:org.opensuse.security:def:26088
    P
    Security update for the Linux Kernel (Important)
    2021-07-14
    oval:org.opensuse.security:def:31651
    P
    Security update for libsolv (Important)
    2021-06-28
    oval:org.opensuse.security:def:32123
    P
    Security update for xterm (Important)
    2021-06-18
    oval:org.opensuse.security:def:26077
    P
    Security update for apache2 (Important)
    2021-06-17
    oval:org.opensuse.security:def:26076
    P
    Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:32118
    P
    Security update for freeradius-server (Moderate)
    2021-06-11
    oval:org.opensuse.security:def:26074
    P
    Security update for freeradius-server (Moderate)
    2021-06-11
    oval:org.opensuse.security:def:36527
    P
    openldap2-2.4.26-0.30.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:36099
    P
    compat-libldap-2_3-0-2.3.37-2.30.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:42506
    P
    compat-libldap-2_3-0-2.3.37-2.30.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:26055
    P
    Security update for hivex (Moderate)
    2021-05-26
    oval:org.opensuse.security:def:32280
    P
    Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important)
    2021-03-17
    oval:org.opensuse.security:def:31354
    P
    Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:32267
    P
    Security update for grub2 (Important)
    2021-03-02
    oval:org.opensuse.security:def:26201
    P
    Security update for java-1_8_0-ibm (Important)
    2021-02-26
    oval:org.opensuse.security:def:31343
    P
    Security update for bind (Important)
    2021-02-18
    oval:org.opensuse.security:def:31342
    P
    Security update for screen (Important)
    2021-02-17
    oval:org.opensuse.security:def:26157
    P
    Security update for the Linux Kernel (Important)
    2021-02-09
    oval:org.opensuse.security:def:32096
    P
    Security update for dnsmasq (Important)
    2021-01-19
    oval:org.opensuse.security:def:31652
    P
    Security update for openssh (Moderate)
    2021-01-05
    oval:org.opensuse.security:def:32839
    P
    Security update for cyrus-sasl (Important)
    2020-12-28
    oval:org.opensuse.security:def:32019
    P
    Security update for clamav (Important)
    2020-12-22
    oval:org.opensuse.security:def:31566
    P
    Security update for python (Important)
    2020-12-11
    oval:org.opensuse.security:def:31565
    P
    Security update for openssl (Important)
    2020-12-11
    oval:org.opensuse.security:def:32008
    P
    Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)
    2020-12-07
    oval:org.opensuse.security:def:25972
    P
    Security update for postgresql12 (Important)
    2020-12-04
    oval:org.opensuse.security:def:31560
    P
    Security update for python-cryptography (Moderate)
    2020-12-04
    oval:org.opensuse.security:def:35875
    P
    compat-libldap-2_3-0-2.3.37-2.24.36 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:36347
    P
    libldap-openssl1-2_4-2-2.4.26-0.28.8 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:42754
    P
    libldap-openssl1-2_4-2-2.4.26-0.28.8 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:25660
    P
    Security update for sane-backends (Important)
    2020-12-01
    oval:org.opensuse.security:def:31932
    P
    Security update for libX11 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26614
    P
    mozilla-xulrunner190 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33310
    P
    libldap-openssl1-2_4-2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25649
    P
    Security update for libcdio (Low)
    2020-12-01
    oval:org.opensuse.security:def:31875
    P
    Security update for dbus-1 (Important)
    2020-12-01
    oval:org.opensuse.security:def:26575
    P
    krb5-doc on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33271
    P
    tar on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25648
    P
    Security update for python36 (Important)
    2020-12-01
    oval:org.opensuse.security:def:31783
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:26526
    P
    bind on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32633
    P
    apache2-mod_jk on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26473
    P
    Security update for Chromium (Important)
    2020-12-01
    oval:org.opensuse.security:def:32589
    P
    pam_krb5 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31577
    P
    Security update for sudo (Important)
    2020-12-01
    oval:org.opensuse.security:def:26322
    P
    Security update for ffmpeg (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32567
    P
    libsndfile on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26238
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:32528
    P
    gvim on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27525
    P
    openldap2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32479
    P
    LibVNCServer on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27490
    P
    libtasn1-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32423
    P
    Security update for wpa_supplicant (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26852
    P
    MozillaFirefox on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26808
    P
    postgresql on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25908
    P
    Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:26794
    P
    openvpn on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25897
    P
    Security update for mariadb (Important)
    2020-12-01
    oval:org.opensuse.security:def:26755
    P
    libnetpbm10 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26874
    P
    compat-libldap-2_3-0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25896
    P
    Security update for gstreamer-0_10-plugins-bad (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32031
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:26706
    P
    ghostscript-fonts-other on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26839
    P
    wget on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31899
    P
    Security update for MozillaFirefox, firefox-glib2, firefox-gtk3 (Important)
    2020-12-01
    oval:org.opensuse.security:def:26653
    P
    xorg-x11-Xvnc on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31825
    P
    Security update for bind (Important)
    2020-12-01
    oval:org.opensuse.security:def:26502
    P
    Security update for chromium (Important)
    2020-12-01
    oval:org.opensuse.security:def:31814
    P
    Security update for apache2-mod_nss (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26418
    P
    Security update for pdns-recursor (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31813
    P
    Security update for apache2-mod_jk (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26361
    P
    Security update for kopete (Low)
    2020-12-01
    oval:org.opensuse.security:def:32800
    P
    unrar on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26280
    P
    Security update for ImageMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26002
    P
    Security update for ImageMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25851
    P
    Security update for freerdp (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25767
    P
    Security update for DirectFB (Important)
    2020-12-01
    oval:org.opensuse.security:def:32057
    P
    Security update for kvm (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27097
    P
    compat-libldap-2_3-0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25710
    P
    Security update for log4j (Important)
    2020-12-01
    oval:org.opensuse.security:def:27062
    P
    xorg-x11-server-dmx on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25629
    P
    Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:31952
    P
    Security update for grub2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:26424
    P
    Security update for enigmail (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25501
    P
    Security update for ghostscript (Important)
    2020-12-01
    oval:org.opensuse.security:def:31796
    P
    Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important)
    2020-12-01
    oval:org.opensuse.security:def:26380
    P
    Security update for irssi (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25437
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:26366
    P
    Security update for kdelibs4, kio (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25426
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:26327
    P
    Security update for Chromium (Important)
    2020-12-01
    oval:org.opensuse.security:def:25425
    P
    Security update for bluez (Important)
    2020-12-01
    oval:org.opensuse.security:def:26278
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:32385
    P
    Security update for tightvnc (Important)
    2020-12-01
    oval:org.opensuse.security:def:31428
    P
    Security update for php53 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32341
    P
    Security update for spice (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32319
    P
    Security update for ruby (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25990
    P
    Security update for libvpx (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27345
    P
    libldap-openssl1-2_4-2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25933
    P
    Security update for gstreamer-0_10-plugins-good (Important)
    2020-12-01
    oval:org.opensuse.security:def:27310
    P
    tomcat6 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25852
    P
    Security update for flash-playerqemu (Important)
    2020-12-01
    oval:org.opensuse.security:def:26672
    P
    avahi on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25724
    P
    Security update for postgresql10 (Low)
    2020-12-01
    oval:org.opensuse.security:def:26628
    P
    perl-HTML-Parser on GA media (Moderate)
    2020-12-01
    oval:org.mitre.oval:def:23631
    P
    ELSA-2012:0899: openldap security and bug fix update (Low)
    2014-05-26
    oval:org.mitre.oval:def:21504
    P
    RHSA-2012:0899: openldap security and bug fix update (Low)
    2014-02-24
    oval:com.ubuntu.precise:def:20121164000
    V
    CVE-2012-1164 on Ubuntu 12.04 LTS (precise) - low.
    2012-06-29
    oval:com.ubuntu.trusty:def:20121164000
    V
    CVE-2012-1164 on Ubuntu 14.04 LTS (trusty) - low.
    2012-06-29
    oval:com.redhat.rhsa:def:20120899
    P
    RHSA-2012:0899: openldap security and bug fix update (Low)
    2012-06-20
    openldap openldap 2.4.6
    openldap openldap 2.4.7
    openldap openldap 2.4.8
    openldap openldap 2.4.9
    openldap openldap 2.4.10
    openldap openldap 2.4.11
    openldap openldap 2.4.12
    openldap openldap 2.4.13
    openldap openldap 2.4.14
    openldap openldap 2.4.15
    openldap openldap 2.4.16
    openldap openldap 2.4.17
    openldap openldap 2.4.18
    openldap openldap 2.4.19
    openldap openldap 2.4.20
    openldap openldap 2.4.21
    openldap openldap 2.4.22
    openldap openldap 2.4.23
    openldap openldap 2.4.24
    openldap openldap 2.4.25
    openldap openldap 2.4.26
    openldap openldap 2.4.27
    openldap openldap 2.4.28
    openldap openldap *
    openldap openldap 2.4.22
    openldap openldap 2.4.23
    openldap openldap 2.4.24
    openldap openldap 2.4.25
    openldap openldap 2.4.26
    openldap openldap 2.4.27
    openldap openldap 2.4.28
    openldap openldap 2.4.29
    openldap openldap 2.4.30
    redhat enterprise linux 6
    redhat enterprise linux 6
    redhat enterprise linux desktop 6
    redhat enterprise linux hpc node 6