SB2011032003 - Multiple vulnerabilities in OpenLDAP
Published: March 20, 2011 Updated: August 11, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 vulnerabilities.
1) Resource management error (CVE-ID: CVE-2011-1081)
CWE-ID: CWE-399 - Resource Management Errors
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Green
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field.
2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2011-1024)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote #AU# to read and manipulate data.
chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server.
3) Improper Authentication (CVE-ID: CVE-2011-1025)
CWE-ID: CWE-287 - Improper Authentication
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password.
Remediation
Install update from vendor's website.
References
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://openwall.com/lists/oss-security/2011/02/28/1
- http://openwall.com/lists/oss-security/2011/02/28/2
- http://openwall.com/lists/oss-security/2011/03/01/11
- http://openwall.com/lists/oss-security/2011/03/01/15
- http://secunia.com/advisories/43331
- http://secunia.com/advisories/43718
- http://security.gentoo.org/glsa/glsa-201406-36.xml
- http://securitytracker.com/id?1025191
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:055
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:056
- http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/modrdn.c.diff?r1=1.170.2.8&r2=1.170.2.9
- http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6768
- http://www.openldap.org/lists/openldap-announce/201102/msg00000.html
- http://www.redhat.com/support/errata/RHSA-2011-0347.html
- http://www.ubuntu.com/usn/USN-1100-1
- http://www.vupen.com/english/advisories/2011/0665
- https://bugzilla.novell.com/show_bug.cgi?id=674985
- https://bugzilla.redhat.com/show_bug.cgi?id=680975
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66239
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
- http://openwall.com/lists/oss-security/2011/02/24/12
- http://openwall.com/lists/oss-security/2011/02/25/13
- http://secunia.com/advisories/43708
- http://securitytracker.com/id?1025188
- http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ldap/chain.c.diff?r1=1.76&r2=1.77&hideattic=1&sortbydate=0
- http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6607
- http://www.openldap.org/lists/openldap-technical/201004/msg00247.html
- http://www.redhat.com/support/errata/RHSA-2011-0346.html
- https://bugzilla.redhat.com/show_bug.cgi?id=680466
- http://securitytracker.com/id?1025190
- http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ndb/bind.cpp.diff?r1=1.5&r2=1.8
- http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6661
- https://bugzilla.redhat.com/show_bug.cgi?id=680472