Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.0
CVE Id: CVE-2011-4079
Last Modified: 16 Feb 2012 12:00:00
Published: 27 Oct 2011 04:55:01
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2011-4079

Summary

Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and earlier allows remote attackers to cause a denial of service (slapd crash) via a zero-length string that triggers a heap-based buffer overflow, as demonstrated using an empty postalAddressAttribute value in an LDIF entry.

Vulnerable Systems

Application

  • Openldap 1.0

  • Openldap 1.0.1

  • Openldap 1.0.2

  • Openldap 1.0.3

  • Openldap 1.1

  • Openldap 1.1.0

  • Openldap 1.1.1

  • Openldap 1.1.2

  • Openldap 1.1.3

  • Openldap 1.1.4

  • Openldap 1.2

  • Openldap 1.2.0

  • Openldap 1.2.1

  • Openldap 1.2.10

  • Openldap 1.2.11

  • Openldap 1.2.12

  • Openldap 1.2.13

  • Openldap 1.2.2

  • Openldap 1.2.3

  • Openldap 1.2.4

  • Openldap 1.2.5

  • Openldap 1.2.6

  • Openldap 1.2.7

  • Openldap 1.2.8

  • Openldap 1.2.9

  • Openldap 2.0

  • Openldap 2.0.0

  • Openldap 2.0.1

  • Openldap 2.0.10

  • Openldap 2.0.11

  • Openldap 2.0.11 11

  • Openldap 2.0.11 11s

  • Openldap 2.0.11 9

  • Openldap 2.0.12

  • Openldap 2.0.13

  • Openldap 2.0.14

  • Openldap 2.0.15

  • Openldap 2.0.16

  • Openldap 2.0.17

  • Openldap 2.0.18

  • Openldap 2.0.19

  • Openldap 2.0.2

  • Openldap 2.0.20

  • Openldap 2.0.21

  • Openldap 2.0.22

  • Openldap 2.0.23

  • Openldap 2.0.24

  • Openldap 2.0.25

  • Openldap 2.0.26

  • Openldap 2.0.27

  • Openldap 2.0.3

  • Openldap 2.0.4

  • Openldap 2.0.5

  • Openldap 2.0.6

  • Openldap 2.0.7

  • Openldap 2.0.8

  • Openldap 2.0.9

  • Openldap 2.1 .20

  • Openldap 2.1.10

  • Openldap 2.1.11

  • Openldap 2.1.12

  • Openldap 2.1.13

  • Openldap 2.1.14

  • Openldap 2.1.15

  • Openldap 2.1.16

  • Openldap 2.1.17

  • Openldap 2.1.18

  • Openldap 2.1.19

  • Openldap 2.1.2

  • Openldap 2.1.20

  • Openldap 2.1.21

  • Openldap 2.1.22

  • Openldap 2.1.23

  • Openldap 2.1.24

  • Openldap 2.1.25

  • Openldap 2.1.26

  • Openldap 2.1.27

  • Openldap 2.1.28

  • Openldap 2.1.29

  • Openldap 2.1.3

  • Openldap 2.1.30

  • Openldap 2.1.4

  • Openldap 2.1.5

  • Openldap 2.1.6

  • Openldap 2.1.7

  • Openldap 2.1.8

  • Openldap 2.1.9

  • Openldap 2.2.0

  • Openldap 2.2.1

  • Openldap 2.2.10

  • Openldap 2.2.11

  • Openldap 2.2.12

  • Openldap 2.2.13

  • Openldap 2.2.14

  • Openldap 2.2.15

  • Openldap 2.2.16

  • Openldap 2.2.17

  • Openldap 2.2.18

  • Openldap 2.2.19

  • Openldap 2.2.20

  • Openldap 2.2.21

  • Openldap 2.2.22

  • Openldap 2.2.23

  • Openldap 2.2.24

  • Openldap 2.2.25

  • Openldap 2.2.26

  • Openldap 2.2.27

  • Openldap 2.2.4

  • Openldap 2.2.5

  • Openldap 2.2.6

  • Openldap 2.2.7

  • Openldap 2.2.8

  • Openldap 2.2.9

  • Openldap 2.3.10

  • Openldap 2.3.11

  • Openldap 2.3.12

  • Openldap 2.3.13

  • Openldap 2.3.14

  • Openldap 2.3.15

  • Openldap 2.3.16

  • Openldap 2.3.17

  • Openldap 2.3.18

  • Openldap 2.3.19

  • Openldap 2.3.20

  • Openldap 2.3.21

  • Openldap 2.3.22

  • Openldap 2.3.23

  • Openldap 2.3.24

  • Openldap 2.3.25

  • Openldap 2.3.26

  • Openldap 2.3.27

  • Openldap 2.3.28

  • Openldap 2.3.29

  • Openldap 2.3.30

  • Openldap 2.3.31

  • Openldap 2.3.32

  • Openldap 2.3.33

  • Openldap 2.3.34

  • Openldap 2.3.35

  • Openldap 2.3.36

  • Openldap 2.3.37

  • Openldap 2.3.38

  • Openldap 2.3.39

  • Openldap 2.3.4

  • Openldap 2.3.40

  • Openldap 2.3.41

  • Openldap 2.3.42

  • Openldap 2.3.43

  • Openldap 2.3.5

  • Openldap 2.3.6

  • Openldap 2.3.7

  • Openldap 2.3.8

  • Openldap 2.3.9

  • Openldap 2.4.10

  • Openldap 2.4.11

  • Openldap 2.4.12

  • Openldap 2.4.13

  • Openldap 2.4.14

  • Openldap 2.4.15

  • Openldap 2.4.16

  • Openldap 2.4.17

  • Openldap 2.4.18

  • Openldap 2.4.19

  • Openldap 2.4.20

  • Openldap 2.4.21

  • Openldap 2.4.22

  • Openldap 2.4.23

  • Openldap 2.4.24

  • Openldap 2.4.25

  • Openldap 2.4.26

  • Openldap 2.4.3

  • Openldap 2.4.6

  • Openldap 2.4.7

  • Openldap 2.4.8

  • Openldap 2.4.9


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=749324

MISC - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=507238713b71208ec4f262f312cb495a302df9e9

XF - openldap-utf8stringnormalize-dos(70991)

BID - 50384

MLIST - [oss-security] 20111026 Re: CVE Request: openldap2 UTF8StringNormalize() can cause a (one-byte) buffer overflow

MLIST - [oss-security] 20111026 CVE Request: openldap2 UTF8StringNormalize() can cause a (one-byte) buffer overflow

MISC - http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7059;selectid=7059

SECUNIA - 46599

UBUNTU - USN-1266-1


Last Updated: 27 May 2016 10:58:16