CVE-2011-4079

Name of the Vulnerable Software and Affected Versions OpenLDAP versions 2.4.26 and earlier

Description The issue is related to an off-by-one error in the UTF8StringNormalize function, which can be exploited by remote attackers to cause a denial of service (slapd crash) via a zero-length string. This can trigger a heap-based buffer overflow. For example, an empty postalAddressAttribute value in an LDIF entry can be used to demonstrate this issue. Additionally, there are multiple vulnerabilities in the openldap package prior to version 2.4.35 that can lead to violations of confidentiality, integrity, and availability of protected information, and these can be exploited remotely.

Recommendations For OpenLDAP versions 2.4.26 and earlier, update to a version later than 2.4.26 to resolve the issue. For openldap package prior to version 2.4.35, update to version 2.4.35 or later to address the multiple vulnerabilities.