Candidate: CVE-2010-0211
PublicDate: 2010-07-28 12:48:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0211
Description:
 The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check
 the return value of a call to the smr_normalize function, which allows
 remote attackers to cause a denial of service (segmentation fault) and
 possibly execute arbitrary code via a modrdn call with an RDN string
 containing invalid UTF-8 sequences, which triggers a free of an invalid,
 uninitialized pointer in the slap_mods_free function, as demonstrated using
 the Codenomicon LDAPv3 test suite.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Ilkka Mattila and Tuomas Salom.ki with Codenomicon LDAPv3 test suite
Assigned-to:
CVSS: 

Patches_openldap:
  vendor: http://cvs.fedoraproject.org/viewvc/rpms/openldap/devel/openldap-2.4.22-modrdn-segfault.patch?revision=1.1&view=markup
Tags_openldap: apparmor
upstream_openldap: released (2.4.23)
dapper_openldap: DNE
hardy_openldap: DNE
jaunty_openldap: released (2.4.15-1ubuntu3.1)
karmic_openldap: released (2.4.18-0ubuntu1.1)
lucid_openldap: released (2.4.21-0ubuntu5.2)
devel_openldap: released (2.4.23-0ubuntu1)

Patches_openldap2.2:
upstream_openldap2.2: needs-triage
dapper_openldap2.2: released (2.2.26-5ubuntu2.10)
hardy_openldap2.2: DNE
jaunty_openldap2.2: DNE
karmic_openldap2.2: DNE
lucid_openldap2.2: DNE
devel_openldap2.2: DNE

Patches_openldap2.3:
Tags_openldap2.3: apparmor
upstream_openldap2.3: needs-triage
dapper_openldap2.3: DNE
hardy_openldap2.3: released (2.4.9-0ubuntu0.8.04.4)
jaunty_openldap2.3: DNE
karmic_openldap2.3: DNE
lucid_openldap2.3: DNE
devel_openldap2.3: DNE