Vulnerability Name: CVE-2012-2134 (CCN-75164)
Assigned: 2012-04-24
Published: 2012-04-24
Updated: 2014-03-10
Summary: The handle_connection_error function in ldap_helper.c in bind-dyndb-ldap before 1.1.0rc1 does not properly handle LDAP query errors, which allows remote attackers to cause a denial of service (infinite loop and named server hang) via a non-alphabet character in the base DN in an LDAP search DNS query.
CVSS v3 Severity:
  5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVSS v2 Severity:
  4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
  3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
  3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
  3.2 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-399
Vulnerability Consequences: Denial of Service
References:
  Source: MITRE Type: CNA CVE-2012-2134
  Source: CCN Type: RHSA-2012-0683 Important: bind-dyndb-ldap security update
  Source: REDHAT Type: Patch RHSA-2012:0683
  Source: CCN Type: SA48901 bind-dyndb-ldap DNS Query Processing Denial of Service Vulnerability
  Source: SECUNIA Type: Vendor Advisory 48901
  Source: MLIST Type: UNKNOWN [oss-security] 20140424 Re: CVE Request -- bind-dyndb-ldap: Bind DoS (named hang) by processing DNS query for zone served by bind-dyndb-ldap
  Source: OSVDB Type: UNKNOWN 81619
  Source: CCN Type: OSVDB ID: 81619 bind-dyndb-ldap ldap_helper.c handle_connection_error() Function LDAP Connection Error Handling Remote DoS
  Source: CCN Type: BID-53236 Bind DynDB LDAP 'bind-dyndb-ldap' Package Remote Denial of Service Vulnerability
  Source: CONFIRM Type: UNKNOWN https://bugzilla.redhat.com/show_bug.cgi?id=815846
  Source: XF Type: UNKNOWN binddyndbldap-ldap-dos(75164)
  Source: CCN Type: Bind DynDB LDAP Web page bind-dyndb-ldap
  Source: CONFIRM Type: UNKNOWN https://git.fedorahosted.org/cgit/bind-dyndb-ldap.git/tree/NEWS
  Source: CCN Type: [Freeipa-users] named-dyndb-ldap looses connection when the LDAP server is under high load
  Source: MLIST Type: UNKNOWN [Freeipa-users] 20120424 named-dyndb-ldap looses connection when the LDAP server is under high load
Vulnerable Configuration:
  Configuration 1:
  Configuration RedHat 1:
  Configuration RedHat 2:
  Configuration RedHat 3:
  Denotes that component is vulnerable