| Vulnerability Name: | CVE-2012-3429 (CCN-77391) | ||||||||||||||||
| Assigned: | 2012-08-01 | ||||||||||||||||
| Published: | 2012-08-01 | ||||||||||||||||
| Updated: | 2017-08-29 | ||||||||||||||||
| Summary: | The dns_to_ldap_dn_escape function in src/ldap_convert.c in bind-dyndb-ldap 1.1.0rc1 and earlier does not properly escape distinguished names (DN) for LDAP queries, which allows remote DNS servers to cause a denial of service (named service hang) via a "$" character in a DN in a DNS query. | ||||||||||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||||||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
3.2 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
| ||||||||||||||||
| Vulnerability Type: | CWE-20 | ||||||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2012-3429 Source: CCN Type: Bind DynDB LDAP GIT Repository Fix and harden DNS-to-LDAP name conversion. Fixes CVE-2012-3429. Source: CONFIRM Type: Exploit, Patch http://git.fedorahosted.org/cgit/bind-dyndb-ldap.git/commit/?id=f345805c73c294db42452ae966c48fbc36c48006 Source: CCN Type: RHSA-2012-1139 Important: bind-dyndb-ldap security update Source: REDHAT Type: UNKNOWN RHSA-2012:1139 Source: CCN Type: SA50086 bind-dyndb-ldap DN Escaping Denial of Service Vulnerability Source: SECUNIA Type: Vendor Advisory 50086 Source: SECUNIA Type: Vendor Advisory 50159 Source: MLIST Type: UNKNOWN [oss-security] 20120802 bind-dyndb-ldap DoS CVE-2012-3429 Source: CCN Type: OSVDB ID: 84437 bind-dyndb-ldap src/ldap_convert.c dns_to_ldap_dn_escape() Function LDAP Query DN Value Escaping Remote DoS Source: BID Type: UNKNOWN 54787 Source: CCN Type: BID-54787 Bind DynDB LDAP CVE-2012-3429 Package Remote Denial of Service Vulnerability Source: SECTRACK Type: Patch 1027341 Source: MISC Type: UNKNOWN https://bugzilla.redhat.com/show_bug.cgi?id=842466 Source: XF Type: UNKNOWN binddyndbldap-dnstoldapdnescape-dos(77391) Source: XF Type: UNKNOWN binddyndbldap-dnstoldapdnescape-dos(77391) | ||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3:  Denotes that component is vulnerable | ||||||||||||||||
| Oval Definitions | |||||||||||||||||
| |||||||||||||||||
| BACK | |||||||||||||||||