Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2011-1025

bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password.

Related bugs and status

CVE-2011-1025 (Candidate) is related to these bugs:

Bug #742104: OpenLDAP remote DoS: CVE-2011-1081

		In	Importance	Status
742104	OpenLDAP remote DoS: CVE-2011-1081	openldap (Ubuntu)	Medium	Fix Released
742104	OpenLDAP remote DoS: CVE-2011-1081	openldap (Ubuntu Hardy)	Medium	Fix Released
742104	OpenLDAP remote DoS: CVE-2011-1081	openldap (Ubuntu Karmic)	Medium	Fix Released
742104	OpenLDAP remote DoS: CVE-2011-1081	openldap (Ubuntu Natty)	Medium	Fix Released
742104	OpenLDAP remote DoS: CVE-2011-1081	openldap (Ubuntu Lucid)	Medium	Fix Released
742104	OpenLDAP remote DoS: CVE-2011-1081	openldap (Ubuntu Maverick)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://securitytracker...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://www.vupen.com/e...
MISC: http://security.gentoo...
MISC: http://www.mandriva.co...
MISC: https://bugzilla.redha...
MISC: http://www.redhat.com/...
MISC: http://www.ubuntu.com/...
MISC: http://www.openldap.or...
MISC: http://openwall.com/li...
MISC: http://openwall.com/li...
MISC: http://kb.juniper.net/...
MISC: http://www.openldap.or...
MISC: http://www.openldap.or...