Intrusion Prevention

OpenLDAP.Modrdn.RDN.String.Memory.Corruption

Description

This indicates an attack attempt against a memory-corruption vulnerability in OpenLDAP.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted string via modrdn. It allows a remote attacker to execute arbitrary code.

Affected Products

OpenLDAP 2.4.22 and prior versions

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Upgrade to OpenLDAP version 2.4.23:
http://www.openldap.org/software/download/

CVE References

CVE-2010-0212 CVE-2010-0211