Permissions, Privileges, and Access Controls in OpenLDAP

#VU45194 Permissions, Privileges, and Access Controls in OpenLDAP

Published: 2011-03-20 | Updated: 2020-08-11

Vulnerability identifier: #VU45194

Vulnerability risk: Low

CVSSv3.1: 3 [CVSS:3.1/AV:N/AC:H/PR:/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2011-1024

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
OpenLDAP
Server applications / Directory software, identity management

Vendor: OpenLDAP.org

Description

The vulnerability allows a remote #AU# to read and manipulate data.

chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server.

Mitigation
Install update from vendor's website.

Vulnerable software versions

OpenLDAP: 2.4.6 - 2.4.23

External links
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
http://openwall.com/lists/oss-security/2011/02/24/12
http://openwall.com/lists/oss-security/2011/02/25/13
http://secunia.com/advisories/43331
http://secunia.com/advisories/43708
http://secunia.com/advisories/43718
http://security.gentoo.org/glsa/glsa-201406-36.xml
http://securitytracker.com/id?1025188
http://www.mandriva.com/security/advisories?name=MDVSA-2011:055
http://www.mandriva.com/security/advisories?name=MDVSA-2011:056
http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ldap/chain.c.diff?r1=1.76&r2=1.77&hideattic=1&sortbydate=0
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6607
http://www.openldap.org/lists/openldap-announce/201102/msg00000.html
http://www.openldap.org/lists/openldap-technical/201004/msg00247.html
http://www.redhat.com/support/errata/RHSA-2011-0346.html
http://www.redhat.com/support/errata/RHSA-2011-0347.html
http://www.ubuntu.com/usn/USN-1100-1
http://www.vupen.com/english/advisories/2011/0665
http://bugzilla.novell.com/show_bug.cgi?id=674985
http://bugzilla.redhat.com/show_bug.cgi?id=680466

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in OpenLDAP