CVE-2011-1025
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
9.6 High
AI Score
Confidence
High
0.018 Low
EPSS
Percentile
88.3%
bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password.
Affected configurations
References
kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
openwall.com/lists/oss-security/2011/02/24/12
openwall.com/lists/oss-security/2011/02/25/13
secunia.com/advisories/43331
secunia.com/advisories/43718
security.gentoo.org/glsa/glsa-201406-36.xml
securitytracker.com/id?1025190
www.mandriva.com/security/advisories?name=MDVSA-2011:056
www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ndb/bind.cpp.diff?r1=1.5&r2=1.8
www.openldap.org/its/index.cgi/Software%20Bugs?id=6661
www.openldap.org/lists/openldap-announce/201102/msg00000.html
www.redhat.com/support/errata/RHSA-2011-0347.html
www.ubuntu.com/usn/USN-1100-1
www.vupen.com/english/advisories/2011/0665
bugzilla.redhat.com/show_bug.cgi?id=680472
Related
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
9.6 High
AI Score
Confidence
High
0.018 Low
EPSS
Percentile
88.3%