CVE-2011-1081
Published: 19 March 2011
modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field.
Notes
| Author | Note |
|---|---|
| jdstrand | reproducer in oss-security Only affects >= 2.4 |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
openldap Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| karmic |
Released
(2.4.18-0ubuntu1.2)
|
|
| lucid |
Released
(2.4.21-0ubuntu5.4)
|
|
| maverick |
Released
(2.4.23-0ubuntu3.5)
|
|
| upstream |
Needs triage
|
|
|
Patches: upstream: http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/modrdn.c.diff?r1=1.170.2.8&r2=1.170.2.9&hideattic=1&sortbydate=0 vendor: https://rhn.redhat.com/errata/RHSA-2011-0347.html |
||
|
openldap2.2 Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
|
| hardy |
Does not exist
|
|
| karmic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
openldap2.3 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Released
(2.4.9-0ubuntu0.8.04.5)
|
|
| karmic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| upstream |
Needs triage
|
|