National Vulnerability Database (NVD) National Vulnerability Database (CVE-2011-4079)

National Cyber Awareness System

Vulnerability Summary for CVE-2011-4079

Original release date:10/27/2011

Last revised:02/16/2012

Source: US-CERT/NIST

Overview

Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and earlier allows remote attackers to cause a denial of service (slapd crash) via a zero-length string that triggers a heap-based buffer overflow, as demonstrated using an empty postalAddressAttribute value in an LDIF entry.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:4.0 (MEDIUM) (AV:N/AC:L/Au:S/C:N/I:N/A:P) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Required to exploit

Impact Type:Allows disruption of serviceUnknown

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: MISC

Name: https://bugzilla.redhat.com/show_bug.cgi?id=749324

Type: Patch Information

Hyperlink:https://bugzilla.redhat.com/show_bug.cgi?id=749324

External Source: MISC

Name: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=507238713b71208ec4f262f312cb495a302df9e9

Type: Patch Information

Hyperlink:http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=507238713b71208ec4f262f312cb495a302df9e9

External Source: XF

Name: openldap-utf8stringnormalize-dos(70991)

Hyperlink:http://xforce.iss.net/xforce/xfdb/70991

External Source: UBUNTU

Name: USN-1266-1

Hyperlink:http://www.ubuntu.com/usn/USN-1266-1

External Source: BID

Name: 50384

Hyperlink:http://www.securityfocus.com/bid/50384

External Source: MLIST

Name: [oss-security] 20111026 Re: CVE Request: openldap2 UTF8StringNormalize() can cause a (one-byte) buffer overflow

Hyperlink:http://www.openwall.com/lists/oss-security/2011/10/26/9

External Source: MLIST

Name: [oss-security] 20111026 CVE Request: openldap2 UTF8StringNormalize() can cause a (one-byte) buffer overflow

Hyperlink:http://www.openwall.com/lists/oss-security/2011/10/26/5

External Source: MISC

Name: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7059;selectid=7059

Hyperlink:http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7059;selectid=7059

External Source: SECUNIA

Name: 46599

Type: Advisory

Hyperlink:http://secunia.com/advisories/46599

Vulnerable software and versions

Configuration 1

* cpe:/a:openldap:openldap:1.1

* cpe:/a:openldap:openldap:1.0.3

* cpe:/a:openldap:openldap:1.1.1

* cpe:/a:openldap:openldap:1.1.0

* cpe:/a:openldap:openldap:1.0

* cpe:/a:openldap:openldap:1.0.2

* cpe:/a:openldap:openldap:1.0.1

* cpe:/a:openldap:openldap:1.2.1

* cpe:/a:openldap:openldap:1.2.0

* cpe:/a:openldap:openldap:1.2.11

* cpe:/a:openldap:openldap:1.2.10

* cpe:/a:openldap:openldap:1.1.3

* cpe:/a:openldap:openldap:1.1.2

* cpe:/a:openldap:openldap:1.2

* cpe:/a:openldap:openldap:1.1.4

* cpe:/a:openldap:openldap:2.0.17

* cpe:/a:openldap:openldap:2.0.16

* cpe:/a:openldap:openldap:2.0.15

* cpe:/a:openldap:openldap:2.0.14

* cpe:/a:openldap:openldap:2.0.13

* cpe:/a:openldap:openldap:2.0.12

* cpe:/a:openldap:openldap:2.0.11_9

* cpe:/a:openldap:openldap:2.0.11_11s

* cpe:/a:openldap:openldap:2.0.24

* cpe:/a:openldap:openldap:2.0.23

* cpe:/a:openldap:openldap:2.0.22

* cpe:/a:openldap:openldap:2.0.21

* cpe:/a:openldap:openldap:2.0.20

* cpe:/a:openldap:openldap:2.0.2

* cpe:/a:openldap:openldap:2.0.19

* cpe:/a:openldap:openldap:2.0.18

* cpe:/a:openldap:openldap:1.2.6

* cpe:/a:openldap:openldap:1.2.7

* cpe:/a:openldap:openldap:1.2.4

* cpe:/a:openldap:openldap:1.2.5

* cpe:/a:openldap:openldap:1.2.2

* cpe:/a:openldap:openldap:1.2.3

* cpe:/a:openldap:openldap:1.2.12

* cpe:/a:openldap:openldap:1.2.13

* cpe:/a:openldap:openldap:2.0.11

* cpe:/a:openldap:openldap:2.0.11_11

* cpe:/a:openldap:openldap:2.0.1

* cpe:/a:openldap:openldap:2.0.10

* cpe:/a:openldap:openldap:2.0

* cpe:/a:openldap:openldap:2.0.0

* cpe:/a:openldap:openldap:1.2.8

* cpe:/a:openldap:openldap:1.2.9

* cpe:/a:openldap:openldap:2.1.22

* cpe:/a:openldap:openldap:2.1.23

* cpe:/a:openldap:openldap:2.1.24

* cpe:/a:openldap:openldap:2.1.25

* cpe:/a:openldap:openldap:2.1.26

* cpe:/a:openldap:openldap:2.1.27

* cpe:/a:openldap:openldap:2.1.28

* cpe:/a:openldap:openldap:2.1.29

* cpe:/a:openldap:openldap:2.1.15

* cpe:/a:openldap:openldap:2.1.16

* cpe:/a:openldap:openldap:2.1.17

* cpe:/a:openldap:openldap:2.1.18

* cpe:/a:openldap:openldap:2.1.19

* cpe:/a:openldap:openldap:2.1.2

* cpe:/a:openldap:openldap:2.1.20

* cpe:/a:openldap:openldap:2.1.21

* cpe:/a:openldap:openldap:2.0.9

* cpe:/a:openldap:openldap:2.0.8

* cpe:/a:openldap:openldap:2.1.10

* cpe:/a:openldap:openldap:2.1_.20

* cpe:/a:openldap:openldap:2.1.12

* cpe:/a:openldap:openldap:2.1.11

* cpe:/a:openldap:openldap:2.1.14

* cpe:/a:openldap:openldap:2.1.13

* cpe:/a:openldap:openldap:2.0.26

* cpe:/a:openldap:openldap:2.0.25

* cpe:/a:openldap:openldap:2.0.3

* cpe:/a:openldap:openldap:2.0.27

* cpe:/a:openldap:openldap:2.0.5

* cpe:/a:openldap:openldap:2.0.4

* cpe:/a:openldap:openldap:2.0.7

* cpe:/a:openldap:openldap:2.0.6

* cpe:/a:openldap:openldap:2.2.18

* cpe:/a:openldap:openldap:2.2.19

* cpe:/a:openldap:openldap:2.2.16

* cpe:/a:openldap:openldap:2.2.17

* cpe:/a:openldap:openldap:2.2.11

* cpe:/a:openldap:openldap:2.2.10

* cpe:/a:openldap:openldap:2.2.1

* cpe:/a:openldap:openldap:2.2.0

* cpe:/a:openldap:openldap:2.2.15

* cpe:/a:openldap:openldap:2.2.14

* cpe:/a:openldap:openldap:2.2.13

* cpe:/a:openldap:openldap:2.2.12

* cpe:/a:openldap:openldap:2.1.5

* cpe:/a:openldap:openldap:2.1.4

* cpe:/a:openldap:openldap:2.1.30

* cpe:/a:openldap:openldap:2.1.3

* cpe:/a:openldap:openldap:2.1.9

* cpe:/a:openldap:openldap:2.1.8

* cpe:/a:openldap:openldap:2.1.7

* cpe:/a:openldap:openldap:2.1.6

* cpe:/a:openldap:openldap:2.2.26

* cpe:/a:openldap:openldap:2.2.27

* cpe:/a:openldap:openldap:2.2.24

* cpe:/a:openldap:openldap:2.2.25

* cpe:/a:openldap:openldap:2.2.5

* cpe:/a:openldap:openldap:2.2.6

* cpe:/a:openldap:openldap:2.2.4

* cpe:/a:openldap:openldap:2.2.22

* cpe:/a:openldap:openldap:2.2.23

* cpe:/a:openldap:openldap:2.2.20

* cpe:/a:openldap:openldap:2.2.21

* cpe:/a:openldap:openldap:2.2.8

* cpe:/a:openldap:openldap:2.2.7

* cpe:/a:openldap:openldap:2.2.9

* cpe:/a:openldap:openldap:2.3.41

* cpe:/a:openldap:openldap:2.3.42

* cpe:/a:openldap:openldap:2.3.35

* cpe:/a:openldap:openldap:2.3.6

* cpe:/a:openldap:openldap:2.3.7

* cpe:/a:openldap:openldap:2.3.8

* cpe:/a:openldap:openldap:2.3.9

* cpe:/a:openldap:openldap:2.3.4

* cpe:/a:openldap:openldap:2.3.40

* cpe:/a:openldap:openldap:2.3.43

* cpe:/a:openldap:openldap:2.3.5

* cpe:/a:openldap:openldap:2.3.34

* cpe:/a:openldap:openldap:2.3.36

* cpe:/a:openldap:openldap:2.3.37

* cpe:/a:openldap:openldap:2.3.38

* cpe:/a:openldap:openldap:2.3.31

* cpe:/a:openldap:openldap:2.3.30

* cpe:/a:openldap:openldap:2.3.33

* cpe:/a:openldap:openldap:2.3.32

* cpe:/a:openldap:openldap:2.3.27

* cpe:/a:openldap:openldap:2.3.26

* cpe:/a:openldap:openldap:2.3.29

* cpe:/a:openldap:openldap:2.3.28

* cpe:/a:openldap:openldap:2.3.23

* cpe:/a:openldap:openldap:2.3.22

* cpe:/a:openldap:openldap:2.3.25

* cpe:/a:openldap:openldap:2.3.24

* cpe:/a:openldap:openldap:2.3.19

* cpe:/a:openldap:openldap:2.3.18

* cpe:/a:openldap:openldap:2.3.21

* cpe:/a:openldap:openldap:2.3.20

* cpe:/a:openldap:openldap:2.3.16

* cpe:/a:openldap:openldap:2.3.17

* cpe:/a:openldap:openldap:2.3.14

* cpe:/a:openldap:openldap:2.3.15

* cpe:/a:openldap:openldap:2.3.12

* cpe:/a:openldap:openldap:2.3.13

* cpe:/a:openldap:openldap:2.3.10

* cpe:/a:openldap:openldap:2.3.11

* cpe:/a:openldap:openldap:2.3.39

* cpe:/a:openldap:openldap:2.4.8

* cpe:/a:openldap:openldap:2.4.7

* cpe:/a:openldap:openldap:2.4.6

* cpe:/a:openldap:openldap:2.4.13

* cpe:/a:openldap:openldap:2.4.12

* cpe:/a:openldap:openldap:2.4.11

* cpe:/a:openldap:openldap:2.4.9

* cpe:/a:openldap:openldap:2.4.16

* cpe:/a:openldap:openldap:2.4.17

* cpe:/a:openldap:openldap:2.4.14

* cpe:/a:openldap:openldap:2.4.15

* cpe:/a:openldap:openldap:2.4.20

* cpe:/a:openldap:openldap:2.4.21

* cpe:/a:openldap:openldap:2.4.18

* cpe:/a:openldap:openldap:2.4.19

* cpe:/a:openldap:openldap:2.4.23

* cpe:/a:openldap:openldap:2.4.22

* cpe:/a:openldap:openldap:2.4.10

* cpe:/a:openldap:openldap:2.4.3

* cpe:/a:openldap:openldap:2.4.24

* cpe:/a:openldap:openldap:2.4.25

* cpe:/a:openldap:openldap:2.4.26 and previous versions

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

Numeric Errors (CWE-189)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4079