Showing 1 - 3 of 3

CVE-2011-1025

Status Candidate

Overview

bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password.

Related Files

Gentoo Linux Security Advisory 201406-36: Posted Jul 1, 2014; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201406-36 - Multiple vulnerabilities were found in OpenLDAP, allowing for Denial of Service or a man-in-the-middle attack. Versions less than 2.4.35 are affected.; tags | advisory, denial of service, vulnerability; systems | linux, gentoo; advisories | CVE-2009-3767, CVE-2010-0211, CVE-2010-0212, CVE-2011-1024, CVE-2011-1025, CVE-2011-1081, CVE-2011-4079, CVE-2012-1164, CVE-2012-2668; SHA-256 | 42774738976bd9d080b8893ce307ab134ab715b79f71571a7a4bb8a11e479e75; Download | Favorite | View

Ubuntu Security Notice USN-1100-1: Posted Mar 31, 2011; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 1100-1 - It was discovered that OpenLDAP did not properly check forwarded authentication failures when using a slave server and chain overlay. If OpenLDAP were configured in this manner, an attacker could bypass authentication checks by sending an invalid password to a slave server. It was discovered that OpenLDAP did not properly perform authentication checks to the rootdn when using the back-ndb backend. An attacker could exploit this to access the directory by sending an arbitrary password. Ubuntu does not ship OpenLDAP with back-ndb support by default. This issue did not affect Ubuntu 8.04 LTS. It was discovered that OpenLDAP did not properly validate modrdn requests. An unauthenticated remote user could use this to cause a denial of service via application crash.; tags | advisory, remote, denial of service, arbitrary; systems | linux, ubuntu; advisories | CVE-2011-1024, CVE-2011-1025, CVE-2011-1081; SHA-256 | 29371eb33f44bf7dd06b949a37d77a4725800566231420c8ea5ba3bedfe8b622; Download | Favorite | View

Mandriva Linux Security Advisory 2011-056: Posted Mar 30, 2011; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2011-056 - chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server. bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name, which allows remote attackers to bypass intended access restrictions via an arbitrary password. modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service via a relative Distinguished Name that contains an empty value for the OldDN field. The updated packages have been patched to correct these issues.; tags | advisory, remote, denial of service, arbitrary, root; systems | linux, mandriva; advisories | CVE-2011-1024, CVE-2011-1025, CVE-2011-1081; SHA-256 | ace7fafa9471fca6031d43a03d644b937b041bcea223a3fb3b08278136c49d2e; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 270 files
Ubuntu 54 files
Gentoo 33 files
Debian 26 files
Ahmet Umit Bayram 10 files
Apple 9 files
malvuln 7 files
Jann Horn 5 files
Google Security Research 5 files
nu11secur1ty 4 files

File Archives

Systems

AIX (429)
Apple (2,088)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,051)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,500)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,873)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,976)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,535)
UNIX (9,409)
UnixWare (187)
Windows (6,660)
Other

CVE-2011-1025

Overview

Related Files

File Archive:

June 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems