CVE-2011-1025 Information

Description

bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password.

Reference

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://openwall.com/lists/oss-security/2011/02/24/12
http://openwall.com/lists/oss-security/2011/02/25/13
http://secunia.com/advisories/43331
http://secunia.com/advisories/43718
http://security.gentoo.org/glsa/glsa-201406-36.xml
http://securitytracker.com/id?1025190
http://www.mandriva.com/security/advisories?name=MDVSA-2011:056
http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ndb/bind.cpp.diff?r1=1.5&r2=1.8
http://www.openldap.org/its/index.cgi/Software20Bugs?id=6661
http://www.openldap.org/lists/openldap-announce/201102/msg00000.html
http://www.redhat.com/support/errata/RHSA-2011-0347.html
http://www.ubuntu.com/usn/USN-1100-1
http://www.vupen.com/english/advisories/2011/0665
https://bugzilla.redhat.com/show_bug.cgi?id=680472
