Launchpad CVE tracker

CVE 2011-1024

chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server.

Related bugs and status

CVE-2011-1024 (Candidate) is related to these bugs:

Bug #742104: OpenLDAP remote DoS: CVE-2011-1081

		In	Importance	Status
742104	OpenLDAP remote DoS: CVE-2011-1081	openldap (Ubuntu)	Medium	Fix Released
742104	OpenLDAP remote DoS: CVE-2011-1081	openldap (Ubuntu Hardy)	Medium	Fix Released
742104	OpenLDAP remote DoS: CVE-2011-1081	openldap (Ubuntu Karmic)	Medium	Fix Released
742104	OpenLDAP remote DoS: CVE-2011-1081	openldap (Ubuntu Natty)	Medium	Fix Released
742104	OpenLDAP remote DoS: CVE-2011-1081	openldap (Ubuntu Lucid)	Medium	Fix Released
742104	OpenLDAP remote DoS: CVE-2011-1081	openldap (Ubuntu Maverick)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2011-1024

References