Candidate: CVE-2010-0212
PublicDate: 2010-07-28 12:48:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0212
Description:
 OpenLDAP 2.4.22 allows remote attackers to cause a denial of service
 (crash) via a modrdn call with a zero-length RDN destination string, which
 is not properly handled by the smr_normalize function and triggers a NULL
 pointer dereference in the IA5StringNormalize function in schema_init.c, as
 demonstrated using the Codenomicon LDAPv3 test suite.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Ilkka Mattila and Tuomas Salomäki with Codenomicon LDAPv3 test suite
Assigned-to:
CVSS:

Patches_openldap:
 vendor: http://cvs.fedoraproject.org/viewvc/rpms/openldap/devel/openldap-2.4.22-modrdn-segfault.patch?revision=1.1&view=markup
Tags_openldap: apparmor
upstream_openldap: released (2.4.23)
dapper_openldap: DNE
hardy_openldap: DNE
jaunty_openldap: released (2.4.15-1ubuntu3.1)
karmic_openldap: released (2.4.18-0ubuntu1.1)
lucid_openldap: released (2.4.21-0ubuntu5.2)
devel_openldap: released (2.4.23-0ubuntu1)

Patches_openldap2.2:
upstream_openldap2.2: needs-triage
dapper_openldap2.2: released (2.2.26-5ubuntu2.10)
hardy_openldap2.2: DNE
jaunty_openldap2.2: DNE
karmic_openldap2.2: DNE
lucid_openldap2.2: DNE
devel_openldap2.2: DNE

Patches_openldap2.3:
Tags_openldap2.3: apparmor
upstream_openldap2.3: needs-triage
dapper_openldap2.3: DNE
hardy_openldap2.3: released (2.4.9-0ubuntu0.8.04.4)
jaunty_openldap2.3: DNE
karmic_openldap2.3: DNE
lucid_openldap2.3: DNE
devel_openldap2.3: DNE