CVE-2012-2134
Published Feb 26, 2014
Last updated 11 years ago
Overview
- Description
- The handle_connection_error function in ldap_helper.c in bind-dyndb-ldap before 1.1.0rc1 does not properly handle LDAP query errors, which allows remote attackers to cause a denial of service (infinite loop and named server hang) via a non-alphabet character in the base DN in an LDAP search DNS query.
- Source
- secalert@redhat.com
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:N/A:P
Weaknesses
- nvd@nist.gov
- CWE-399
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:martin_nagy:bind-dyndb-ldap:*:b2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E6CA1920-6C70-4875-ADED-1F15A4F2A8BB",
"versionEndIncluding": "1.1.0"
},
{
"criteria": "cpe:2.3:a:martin_nagy:bind-dyndb-ldap:0.1.0:a1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6EAFBB42-05EE-44DB-85D4-D622C2B678E4"
},
{
"criteria": "cpe:2.3:a:martin_nagy:bind-dyndb-ldap:0.1.0:b:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5745D406-24EF-408D-8A57-2AEEB09FF41C"
},
{
"criteria": "cpe:2.3:a:martin_nagy:bind-dyndb-ldap:0.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA5463AE-3E88-4824-AB42-93B5E6FE8573"
},
{
"criteria": "cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.0.0:b1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D8BA67DA-D03F-499E-8BCF-94C06A814383"
},
{
"criteria": "cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.0.0:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1FA76B53-60B9-40D9-A1FC-41FE6CED3148"
},
{
"criteria": "cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.1.0:a1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "00063DB2-31C6-4580-AB99-72466B3FB33A"
},
{
"criteria": "cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.1.0:a2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "374C3768-2379-4F82-8826-0B3EC53DA38C"
},
{
"criteria": "cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.1.0:b1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E72C8313-8F0F-4826-B96D-2B08685521C4"
}
],
"operator": "OR"
}
]
}
]