PT-2010-5625 · Openldap+1 · Openldap+3

Ilkka Mattila +1 · Published 1970-01-01 · Updated 2024-01-21 · CVE-2010-0211

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: openldap versions 2.2.13 through 2.4.22; openldap versions prior to 2.4.35; openldap-clients-2.2.13; openldap-servers-2.2.13; openldap-servers-sql-2.2.13; openldap-devel-2.2.13; compat-openldap-2.1.30; libldap-2.4-2; libldap-2.4-2-dbg; libldap2-dev; slapd; slapd-dbg

Description: The issue covers multiple vulnerabilities in the OpenLDAP package that can disrupt the availability of protected information. These vulnerabilities can be exploited remotely. The slap_modrdn2mods function in modrdn.c does not check the return value of a call to the smr_normalize function, allowing remote attackers to cause a denial of service and possibly execute arbitrary code via a modrdn call whose RDN string contains invalid UTF-8 sequences.

Recommendations: For openldap versions 2.2.13 through 2.4.22, update to a version later than 2.4.22. For openldap versions prior to 2.4.35, update to version 2.4.35 or later. For openldap-clients-2.2.13, openldap-servers-2.2.13, openldap-servers-sql-2.2.13, openldap-devel-2.2.13, compat-openldap-2.1.30, libldap-2.4-2, libldap-2.4-2-dbg, libldap2-dev, slapd, and slapd-dbg, update to the latest available version. As a temporary workaround, consider disabling the slap_modrdn2mods function until a patch is available. Restrict access to the vulnerable OpenLDAP modules to minimize the risk of exploitation.
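As an added illustration of the unchecked-return-value pattern described above (not OpenLDAP's code: `utf8_valid`, `rdn_normalize`, `modrdn_checked` and the `berval`/result-code stand-ins are constructed for this example), the C below shows a normalizer that fails on invalid UTF-8 and a caller that propagates that failure instead of using the empty result:

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for LDAP result codes and struct berval (illustrative only). */
#define LDAP_SUCCESS 0
#define LDAP_INVALID_SYNTAX 21
#define LDAP_OTHER 80
struct berval { size_t bv_len; char *bv_val; };

/* 1 if s[0..n) is well-formed UTF-8 (rejects overlongs, surrogates, stray
 * continuation bytes and truncated sequences), else 0. */
static int utf8_valid(const unsigned char *s, size_t n) {
    for (size_t i = 0; i < n;) {
        unsigned char c = s[i];
        size_t len; unsigned long cp, min;
        if (c < 0x80) { i++; continue; }
        if ((c & 0xE0) == 0xC0) { len = 2; cp = c & 0x1F; min = 0x80; }
        else if ((c & 0xF0) == 0xE0) { len = 3; cp = c & 0x0F; min = 0x800; }
        else if ((c & 0xF8) == 0xF0) { len = 4; cp = c & 0x07; min = 0x10000; }
        else return 0;
        if (i + len > n) return 0;
        for (size_t k = 1; k < len; k++) {
            if ((s[i + k] & 0xC0) != 0x80) return 0;
            cp = (cp << 6) | (s[i + k] & 0x3F);
        }
        if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return 0;
        i += len;
    }
    return 1;
}

/* Hypothetical normalizer in the role of smr_normalize: lower-cases ASCII and
 * fails with LDAP_INVALID_SYNTAX on invalid UTF-8, leaving out->bv_val NULL. */
static int rdn_normalize(const struct berval *in, struct berval *out) {
    out->bv_val = NULL; out->bv_len = 0;
    if (!utf8_valid((const unsigned char *)in->bv_val, in->bv_len)) return LDAP_INVALID_SYNTAX;
    if (!(out->bv_val = malloc(in->bv_len + 1))) return LDAP_OTHER;
    for (size_t i = 0; i < in->bv_len; i++)   /* toy normalization: ASCII lower-case */
        out->bv_val[i] = (in->bv_val[i] >= 'A' && in->bv_val[i] <= 'Z') ? in->bv_val[i] + 32 : in->bv_val[i];
    out->bv_val[in->bv_len] = '\0'; out->bv_len = in->bv_len;
    return LDAP_SUCCESS;
}

/* The unchecked pattern (CWE-252) is `rdn_normalize(rdn, norm); use(norm->bv_val);`, which
 * dereferences NULL on an invalid RDN. The hardened caller returns the error to the client first. */
static int modrdn_checked(const struct berval *rdn, struct berval *norm) {
    int rc = rdn_normalize(rdn, norm);
    if (rc != LDAP_SUCCESS) return rc;   /* modrdn rejected; *norm is never used */
    return LDAP_SUCCESS;                 /* safe to build the modification from *norm */
}
```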

Tags: Exploit · Fix · DoS

Weakness Enumeration: Unchecked Return Value; Improper Certificate Validation

Related Identifiers

BDU:2015-01319
BDU:2015-01321
BDU:2015-02576
BDU:2015-02577
BDU:2015-02578
BDU:2015-02579
BDU:2015-06080
BDU:2015-06122
BDU:2015-06123
BDU:2015-06124
BDU:2015-06125
BDU:2015-06126
BDU:2015-08561
BDU:2015-08562
BDU:2015-08563
BDU:2015-08564
BDU:2015-08565
BDU:2015-08566
BDU:2015-09683
CVE-2010-0211
DSA-2077-1
RHSA-2010:0542
RHSA-2010:0543
RHSA-2010_0542
RHSA-2010_0543

Affected Products

Openldap
Red Hat
Libldap
Slapd