NVD

Id
45024  
Name
CVE-2012-3429  
Description
The dns_to_ldap_dn_escape function in src/ldap_convert.c in bind-dyndb-ldap 1.1.0rc1 and earlier does not properly escape distinguished names (DN) for LDAP queries, which allows remote DNS servers to cause a denial of service (named service hang) via a "$" character in a DN in a DNS query.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:N/I:N/A:P)  
Pub Date
2017-01-19  
Published
2012-08-07  
Modified Date
2012-08-08  
Seq
2012-3429  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
225704 45024 CVE-2012-3429 http://git.fedorahosted.org/cgit/bind-dyndb-ldap.git/commit/?id=f345805c73c294db42452ae966c48fbc36c48006  View
225705 45024 CVE-2012-3429 RHSA-2012:1139  View
225706 45024 CVE-2012-3429 [oss-security] 20120802 bind-dyndb-ldap DoS CVE-2012-3429  View
225707 45024 CVE-2012-3429 54787  View
225708 45024 CVE-2012-3429 1027341  View
225709 45024 CVE-2012-3429 binddyndbldap-dnstoldapdnescape-dos(77391)  View
225710 45024 CVE-2012-3429 https://bugzilla.redhat.com/show_bug.cgi?id=842466  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
27801 JVNDB-2012-003508 bind-dyndb-ldap の src/ldap_convert.c におけるサービス運用妨害 (DoS) の脆弱性 bind-dyndb-ldap の src/ldap_convert.c 内の dns_to_ldap_dn_escape 関数は、LDAP クエリに含まれる識別名 (DN) を適切にエスケープしないため、サービス運用妨害 (named サービスのハング) 状態となる脆弱性が存在します。 CVE-2012-3429 56667 CVE-2012-3429 45024 5 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003508.html 2012-08-01 2012-08-09 View