[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2012-2134Date: (C)2014-02-26   (M)2023-12-22


The handle_connection_error function in ldap_helper.c in bind-dyndb-ldap before 1.1.0rc1 does not properly handle LDAP query errors, which allows remote attackers to cause a denial of service (infinite loop and named server hang) via a non-alphabet character in the base DN in an LDAP search DNS query.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECUNIA-48901
OSVDB-81619
RHSA-2012:0683
https://www.redhat.com/archives/freeipa-users/2012-April/msg00144.html
http://www.openwall.com/lists/oss-security/2012/04/24/15
https://bugzilla.redhat.com/show_bug.cgi?id=815846
https://git.fedorahosted.org/cgit/bind-dyndb-ldap.git/tree/NEWS

CPE    8
cpe:/a:martin_nagy:bind-dyndb-ldap:1.0.0:b1
cpe:/a:martin_nagy:bind-dyndb-ldap:0.2.0
cpe:/a:martin_nagy:bind-dyndb-ldap:1.0.0:rc1
cpe:/a:martin_nagy:bind-dyndb-ldap:1.1.0:a2
...
CWE    1
CWE-399
OVAL    10
oval:org.secpod.oval:def:104063
oval:org.secpod.oval:def:104066
oval:org.secpod.oval:def:103816
oval:org.secpod.oval:def:103777
...

© SecPod Technologies