製品・ソフトウェアに関する情報

JVN脆弱性詳細

OpenLDAP の slap_modrdn2mods 関数における任意のコードを実行される脆弱性

Title	OpenLDAP の slap_modrdn2mods 関数における任意のコードを実行される脆弱性
Summary	OpenLDAP の modrdn.c 内にある slap_modrdn2mods 関数には、smr_normalize 関数の呼び出しにおいて、戻り値をチェックしないため、サービス運用妨害 (DoS) 状態となる、または任意のコードを実行される脆弱性が存在します。
Possible impacts	第三者により、不正な UTF-8 シーケンスを含む RDN ストリングが付与された modrdn コールを介して、サービス運用妨害 (DoS) 状態にされる、または任意のコードを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	June 30, 2010, midnight
Registration Date	Aug. 11, 2010, 6:32 p.m.
Last Update	Jan. 14, 2011, 2:45 p.m.

CVSS2.0 : 警告
Score	5
Vector	AV:N/AC:L/Au:N/C:N/I:N/A:P

Affected System

レッドハット

Red Hat Enterprise Linux 4 (as)

Red Hat Enterprise Linux 4 (es)

Red Hat Enterprise Linux 4 (ws)

Red Hat Enterprise Linux 4.8 (as)

Red Hat Enterprise Linux 4.8 (es)

Red Hat Enterprise Linux 5 (server)

Red Hat Enterprise Linux Desktop 4.0

Red Hat Enterprise Linux Desktop 5.0 (client)

RHEL Desktop Workstation 5 (client)

ターボリナックス

Turbolinux Appliance Server 2.0

Turbolinux Appliance Server 3.0

Turbolinux Appliance Server 3.0 (x64)

Turbolinux Client 2008

Turbolinux Server 10

Turbolinux Server 10 (x64)

Turbolinux Server 11

Turbolinux Server 11 (x64)

サイバートラスト株式会社

Asianux Server 3 (x86)

Asianux Server 3 (x86-64)

Asianux Server 4.0

Asianux Server 4.0 (x86-64)

アップル

Apple Mac OS X v10.6 から v10.6.4

Apple Mac OS X Server v10.6 から v10.6.4

OpenLDAP Foundation

OpenLDAP 2.4.22

VMware

VMware ESX 3.0.3

VMware ESX 3.5

VMware ESX 4.0

VMware ESX 4.1

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-0211	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0211
National Vulnerability Database (NVD)
2	CVE-2010-0211	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0211

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

No	Name	URL
Apple Security Updates
1	HT4435	http://support.apple.com/kb/HT4435
Apple セキュリティアップデート
2	HT4435	http://support.apple.com/kb/HT4435?viewlocale=ja_JP
Asianux Technical Support Network
3	openldap-2.3.43-12.1.0.1.AXS3	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1213
MIRACLE LINUX アップデート情報
4	2098	http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=2098
OpenLDAP Issue Tracking System
5	ITS#6570	http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6570
Red Hat Security Advisory
6	RHSA-2010:0542	https://rhn.redhat.com/errata/RHSA-2010-0542.html
7	RHSA-2010:0543	https://rhn.redhat.com/errata/RHSA-2010-0543.html
Release Changes
8	Release Changes	http://www.openldap.org/software/release/changes.html
Turbolinux Security Advisory
9	TLSA-2010-31	http://www.turbolinux.co.jp/security/2010/TLSA-2010-31j.txt
VMware Security Advisories
10	VMSA-2011-0001	http://www.vmware.com/security/advisories/VMSA-2011-0001.html

その他

No	Name	URL
CERT-FI
1	CERT-FI Advisory on OpenLDAP	http://www.cert.fi/en/reports/2010/vulnerability383115.html
JVN
2	JVNVU#129889	http://jvn.jp/cert/JVNVU129889
3	JVNVU#331391	http://jvn.jp/cert/JVNVU331391
Secunia Advisory
4	SA40639	http://secunia.com/advisories/40639
5	SA40677	http://secunia.com/advisories/40677
6	SA40687	http://secunia.com/advisories/40687
SecurityFocus
7	41770	http://www.securityfocus.com/bid/41770
SecurityTracker
8	1024221	http://www.securitytracker.com/id?1024221
VUPEN Security
9	VUPEN/ADV-2010-1849	http://www.vupen.com/english/advisories/2010/1849
10	VUPEN/ADV-2010-1858	http://www.vupen.com/english/advisories/2010/1858

Change Log

No	Changed Details	Date of change
0	[2010年08月11日] 掲載 [2010年09月27日] 影響を受けるシステム：ターボリナックス (TLSA-2010-31) の情報を追加ベンダ情報：ターボリナックス (TLSA-2010-31) を追加 [2010年11月25日] 影響を受けるシステム：アップル (HT4435) の情報を追加ベンダ情報：アップル (HT4435) を追加 [2011年01月14日] 影響を受けるシステム：VMware (VMSA-2011-0001) の情報を追加ベンダ情報：VMware (VMSA-2011-0001) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2010-0211

Summary	The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.
Publication Date	July 28, 2010, 9:48 p.m.
Registration Date	Jan. 29, 2021, 10:56 a.m.
Last Update	Nov. 21, 2024, 10:11 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:openldap:openldap:2.4.22:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:vmware:esxi:4.1:::::::*
cpe:2.3:o:vmware:esxi:4.0:::::::*

Configuration3		or higher	or less	more than	less than
cpe:2.3:o:opensuse:opensuse:11.0:::::::*

Configuration4	or higher	or less	more than	less than
cpe:2.3:o:apple:mac_os_x_server::::::::	10.6.0			10.6.5
cpe:2.3:o:apple:mac_os_x::::::::	10.6.0			10.6.5

Related information, measures and tools

No	URL	タグ
1	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705	Third Party Advisory
2	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705	Third Party Advisory
3	http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html	Mailing List
4	http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html	Mailing List
5	http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html	Mailing List
6	http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html	Mailing List
7	http://secunia.com/advisories/40639	Broken Link Vendor Advisory
8	http://secunia.com/advisories/40639	Broken Link Vendor Advisory
9	http://secunia.com/advisories/40677	Broken Link Vendor Advisory
10	http://secunia.com/advisories/40677	Broken Link Vendor Advisory
11	http://secunia.com/advisories/40687	Broken Link Vendor Advisory
12	http://secunia.com/advisories/40687	Broken Link Vendor Advisory
13	http://secunia.com/advisories/42787	Broken Link
14	http://secunia.com/advisories/42787	Broken Link
15	http://security.gentoo.org/glsa/glsa-201406-36.xml	Third Party Advisory
16	http://security.gentoo.org/glsa/glsa-201406-36.xml	Third Party Advisory
17	http://support.apple.com/kb/HT4435	Issue Tracking
18	http://support.apple.com/kb/HT4435	Issue Tracking
19	http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6570	Exploit
20	http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6570	Exploit
21	http://www.redhat.com/support/errata/RHSA-2010-0542.html	Broken Link
22	http://www.redhat.com/support/errata/RHSA-2010-0542.html	Broken Link
23	http://www.redhat.com/support/errata/RHSA-2010-0543.html	Broken Link
24	http://www.redhat.com/support/errata/RHSA-2010-0543.html	Broken Link
25	http://www.securityfocus.com/archive/1/515545/100/0/threaded	Broken Link Third Party Advisory VDB Entry
26	http://www.securityfocus.com/archive/1/515545/100/0/threaded	Broken Link Third Party Advisory VDB Entry
27	http://www.securityfocus.com/bid/41770	Broken Link Exploit Patch Third Party Advisory VDB Entry
28	http://www.securityfocus.com/bid/41770	Broken Link Exploit Patch Third Party Advisory VDB Entry
29	http://www.securitytracker.com/id?1024221	Broken Link Third Party Advisory VDB Entry
30	http://www.securitytracker.com/id?1024221	Broken Link Third Party Advisory VDB Entry
31	http://www.vmware.com/security/advisories/VMSA-2011-0001.html	Third Party Advisory
32	http://www.vmware.com/security/advisories/VMSA-2011-0001.html	Third Party Advisory
33	http://www.vupen.com/english/advisories/2010/1849	Broken Link Vendor Advisory
34	http://www.vupen.com/english/advisories/2010/1849	Broken Link Vendor Advisory
35	http://www.vupen.com/english/advisories/2010/1858	Broken Link Vendor Advisory
36	http://www.vupen.com/english/advisories/2010/1858	Broken Link Vendor Advisory
37	http://www.vupen.com/english/advisories/2011/0025	Broken Link
38	http://www.vupen.com/english/advisories/2011/0025	Broken Link

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-252	未チェックの戻り値	https://cwe.mitre.org/data/definitions/252.html