Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1081

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2011-1081
Last Modified 06 Sep 2011 11:15:24
Published 19 Mar 2011 10:00:04
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-1081

Summary

modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field.

Vulnerable Systems

Application

  • Openldap 2.4.10

  • Openldap 2.4.11

  • Openldap 2.4.12

  • Openldap 2.4.13

  • Openldap 2.4.14

  • Openldap 2.4.15

  • Openldap 2.4.16

  • Openldap 2.4.17

  • Openldap 2.4.18

  • Openldap 2.4.19

  • Openldap 2.4.20

  • Openldap 2.4.21

  • Openldap 2.4.22

  • Openldap 2.4.23

  • Openldap 2.4.6

  • Openldap 2.4.7

  • Openldap 2.4.8

  • Openldap 2.4.9


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=680975

MLIST - [openldap-announce] 20110212 OpenLDAP 2.4.24 available

CONFIRM - http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/modrdn.c.diff?r1=1.170.2.8&r2=1.170.2.9

MLIST - [oss-security] 20110228 Re: CVE Request -- OpenLDAP -- two issues

CONFIRM - https://bugzilla.novell.com/show_bug.cgi?id=674985

XF - openldap-modrdnc-dos(66239)

VUPEN - ADV-2011-0665

UBUNTU - USN-1100-1

REDHAT - RHSA-2011:0347

CONFIRM - http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6768

MANDRIVA - MDVSA-2011:056

MANDRIVA - MDVSA-2011:055

SECTRACK - 1025191

SECUNIA - 43718

SECUNIA - 43331

MLIST - [oss-security] 20110301 Re: CVE Request -- OpenLDAP -- two issues


Last Updated: 27 May 2016 10:56:08