CVE-2012-3429
Published Aug 7, 2012
Last updated 7 years ago
Overview
- Description
- The dns_to_ldap_dn_escape function in src/ldap_convert.c in bind-dyndb-ldap 1.1.0rc1 and earlier does not properly escape distinguished names (DN) for LDAP queries, which allows remote DNS servers to cause a denial of service (named service hang) via a "$" character in a DN in a DNS query.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:N/A:P
Weaknesses
- nvd@nist.gov
- CWE-20
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:martin_nagy:bind-dyndb-ldap:*:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BEDFA61F-E6B5-464E-841F-BAF782464198",
"versionEndIncluding": "1.1.0"
},
{
"criteria": "cpe:2.3:a:martin_nagy:bind-dyndb-ldap:0.1.0:a1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6EAFBB42-05EE-44DB-85D4-D622C2B678E4"
},
{
"criteria": "cpe:2.3:a:martin_nagy:bind-dyndb-ldap:0.1.0:b:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5745D406-24EF-408D-8A57-2AEEB09FF41C"
},
{
"criteria": "cpe:2.3:a:martin_nagy:bind-dyndb-ldap:0.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA5463AE-3E88-4824-AB42-93B5E6FE8573"
},
{
"criteria": "cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.0.0:b1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D8BA67DA-D03F-499E-8BCF-94C06A814383"
},
{
"criteria": "cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.0.0:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1FA76B53-60B9-40D9-A1FC-41FE6CED3148"
},
{
"criteria": "cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.1.0:a1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "00063DB2-31C6-4580-AB99-72466B3FB33A"
},
{
"criteria": "cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.1.0:a2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "374C3768-2379-4F82-8826-0B3EC53DA38C"
},
{
"criteria": "cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.1.0:b1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E72C8313-8F0F-4826-B96D-2B08685521C4"
},
{
"criteria": "cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.1.0:b2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F56B1448-2A7B-4725-A78C-8D02B1EEB02F"
}
],
"operator": "OR"
}
]
}
]