Vulnerability Description
bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password.
CVSS Score
6.8
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openldap | Openldap | 2.4.6 |
Related Weaknesses (CWE)
References
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://openwall.com/lists/oss-security/2011/02/24/12
- http://openwall.com/lists/oss-security/2011/02/25/13
- http://secunia.com/advisories/43331Vendor Advisory
- http://secunia.com/advisories/43718
- http://security.gentoo.org/glsa/glsa-201406-36.xml
- http://securitytracker.com/id?1025190
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:056
- http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ndb/bind.cpp.diff?r1Patch
- http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6661
- http://www.openldap.org/lists/openldap-announce/201102/msg00000.html
- http://www.redhat.com/support/errata/RHSA-2011-0347.html
- http://www.ubuntu.com/usn/USN-1100-1
- http://www.vupen.com/english/advisories/2011/0665Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=680472Patch
FAQ
What is CVE-2011-1025?
CVE-2011-1025 is a vulnerability with a CVSS score of 6.8 (MEDIUM). bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an a...
How severe is CVE-2011-1025?
CVE-2011-1025 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-1025?
Check the references section above for vendor advisories and patch information. Affected products include: Openldap Openldap.