Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.8
CVE Id CVE-2011-1025
Last Modified 06 Sep 2011 11:15:15
Published 19 Mar 2011 10:00:03
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1025

Summary

bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password.

Vulnerable Systems

Application

  • OpenLDAP 2.4.10
  • OpenLDAP 2.4.11
  • OpenLDAP 2.4.12
  • OpenLDAP 2.4.13
  • OpenLDAP 2.4.14
  • OpenLDAP 2.4.15
  • OpenLDAP 2.4.16
  • OpenLDAP 2.4.17
  • OpenLDAP 2.4.18
  • OpenLDAP 2.4.19
  • OpenLDAP 2.4.20
  • OpenLDAP 2.4.21
  • OpenLDAP 2.4.22
  • OpenLDAP 2.4.23
  • OpenLDAP 2.4.6
  • OpenLDAP 2.4.7
  • OpenLDAP 2.4.8
  • OpenLDAP 2.4.9


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=680472

CONFIRM - http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ndb/bind.cpp.diff?r1=1.5&r2=1.8

VUPEN - ADV-2011-0665

UBUNTU - USN-1100-1

REDHAT - RHSA-2011:0347

MLIST - [openldap-announce] 20110212 OpenLDAP 2.4.24 available

CONFIRM - http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6661

MANDRIVA - MDVSA-2011:056

SECTRACK - 1025190

SECUNIA - 43718

SECUNIA - 43331

MLIST - [oss-security] 20110225 Re: CVE Request -- OpenLDAP -- two issue

MLIST - [oss-security] 20110224 CVE Request -- OpenLDAP -- two issues


Last Updated: 27 May 2016 10:56:08