Oval Definition:oval:org.mitre.oval:def:13097
Revision Date:2014-06-30Version:20
Title:USN-965-1 -- openldap, openldap2.2, openldap2.3 vulnerabilities
Description:Using the Codenomicon LDAPv3 test suite, Ilkka Mattila and Tuomas Salomäki discovered that the slap_modrdn2mods function in modrdn.c in OpenLDAP does not check the return value from a call to the smr_normalize function. A remote attacker could use specially crafted modrdn requests to crash the slapd daemon or possibly execute arbitrary code. Using the Codenomicon LDAPv3 test suite, Ilkka Mattila and Tuomas Salomäki discovered that OpenLDAP does not properly handle empty RDN strings. A remote attacker could use specially crafted modrdn requests to crash the slapd daemon. In the default installation under Ubuntu 8.04 LTS and later, attackers would be isolated by the OpenLDAP AppArmor profile for the slapd daemon.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2010-0211
CVE-2010-0212
USN-965-1
USN-965-1
Platform(s):Ubuntu 10.04
Ubuntu 6.06
Ubuntu 8.04
Ubuntu 9.04
Ubuntu 9.10
Product(s):openldap
openldap2.2
openldap2.3
Definition Synopsis
  • Release section
  • Ubuntu 8.04 is installed
  • AND Supported architectures section
  • Installed architecture is sparc
  • OR Installed architecture is i386
  • OR Installed architecture is amd64
  • OR Installed architecture is lpia
  • OR Installed architecture is powerpc
  • AND Packages section
  • slapd-dbg DPKG is earlier than 2.4.9-0ubuntu0.8.04.4
  • OR libldap-2.4-2 DPKG is earlier than 2.4.9-0ubuntu0.8.04.4
  • OR libldap-2.4-2-dbg DPKG is earlier than 2.4.9-0ubuntu0.8.04.4
  • OR ldap-utils DPKG is earlier than 2.4.9-0ubuntu0.8.04.4
  • OR libldap2-dev DPKG is earlier than 2.4.9-0ubuntu0.8.04.4
  • OR slapd DPKG is earlier than 2.4.9-0ubuntu0.8.04.4
  • OR Release section
  • Ubuntu 10.04 is installed
  • AND Supported architectures section
  • Installed architecture is sparc
  • OR Installed architecture is i386
  • OR Installed architecture is amd64
  • OR Installed architecture is powerpc
  • AND Packages section
  • slapd-dbg DPKG is earlier than 2.4.21-0ubuntu5.2
  • OR libldap-2.4-2 DPKG is earlier than 2.4.21-0ubuntu5.2
  • OR libldap-2.4-2-dbg DPKG is earlier than 2.4.21-0ubuntu5.2
  • OR ldap-utils DPKG is earlier than 2.4.21-0ubuntu5.2
  • OR libldap2-dev DPKG is earlier than 2.4.21-0ubuntu5.2
  • OR slapd DPKG is earlier than 2.4.21-0ubuntu5.2
  • OR Release section
  • Ubuntu 9.10 is installed
  • AND Supported architectures section
  • Installed architecture is sparc
  • OR Installed architecture is i386
  • OR Installed architecture is amd64
  • OR Installed architecture is lpia
  • OR Installed architecture is powerpc
  • AND Packages section
  • slapd-dbg DPKG is earlier than 2.4.18-0ubuntu1.1
  • OR libldap-2.4-2 DPKG is earlier than 2.4.18-0ubuntu1.1
  • OR libldap-2.4-2-dbg DPKG is earlier than 2.4.18-0ubuntu1.1
  • OR ldap-utils DPKG is earlier than 2.4.18-0ubuntu1.1
  • OR libldap2-dev DPKG is earlier than 2.4.18-0ubuntu1.1
  • OR slapd DPKG is earlier than 2.4.18-0ubuntu1.1
  • OR Release section
  • Ubuntu 6.06 is installed
  • AND Supported architectures section
  • Installed architecture is sparc
  • OR Installed architecture is i386
  • OR Installed architecture is amd64
  • OR Installed architecture is powerpc
  • AND Packages section
  • ldap-utils DPKG is earlier than 2.2.26-5ubuntu2.10
  • OR libldap-2.2-7 DPKG is earlier than 2.2.26-5ubuntu2.10
  • OR slapd DPKG is earlier than 2.2.26-5ubuntu2.10
  • OR Release section
  • Ubuntu 9.04 is installed
  • AND Supported architectures section
  • Installed architecture is sparc
  • OR Installed architecture is i386
  • OR Installed architecture is amd64
  • OR Installed architecture is lpia
  • OR Installed architecture is powerpc
  • AND Packages section
  • slapd-dbg DPKG is earlier than 2.4.15-1ubuntu3.1
  • OR libldap-2.4-2 DPKG is earlier than 2.4.15-1ubuntu3.1
  • OR libldap-2.4-2-dbg DPKG is earlier than 2.4.15-1ubuntu3.1
  • OR ldap-utils DPKG is earlier than 2.4.15-1ubuntu3.1
  • OR libldap2-dev DPKG is earlier than 2.4.15-1ubuntu3.1
  • OR slapd DPKG is earlier than 2.4.15-1ubuntu3.1
  • BACK