CVE-2011-1025

Published: Mar 20, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

GLSA-201406-36

vendor-advisory

x_refsource_GENTOO

http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6661

x_refsource_CONFIRM

http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ndb/bind.cpp.diff?r1=1.5&r2=1.8

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=680472

x_refsource_CONFIRM

1025190

vdb-entry

x_refsource_SECTRACK

[openldap-announce] 20110212 OpenLDAP 2.4.24 available

mailing-list

x_refsource_MLIST

MDVSA-2011:056

vendor-advisory

x_refsource_MANDRIVA

RHSA-2011:0347

vendor-advisory

x_refsource_REDHAT

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

x_refsource_CONFIRM

[oss-security] 20110225 Re: CVE Request -- OpenLDAP -- two issue

mailing-list

x_refsource_MLIST

43718

third-party-advisory

x_refsource_SECUNIA

[oss-security] 20110224 CVE Request -- OpenLDAP -- two issues

mailing-list

x_refsource_MLIST

USN-1100-1

vendor-advisory

x_refsource_UBUNTU

ADV-2011-0665

vdb-entry

x_refsource_VUPEN

43331

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2011-1025

Description

Affected Products

References