Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-1100-1
HistoryMar 31, 2011 - 12:00 a.m.

OpenLDAP vulnerabilities

2011-03-3100:00:00
ubuntu.com
39

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

9.8 High

AI Score

Confidence

High

0.048 Low

EPSS

Percentile

92.8%

JSON

Releases

  • Ubuntu 10.10
  • Ubuntu 10.04
  • Ubuntu 9.10
  • Ubuntu 8.04

Packages

  • openldap - OpenLDAP utilities
  • openldap2.3 - OpenLDAP utilities

Details

It was discovered that OpenLDAP did not properly check forwarded
authentication failures when using a consumer server and chain overlay. If
OpenLDAP were configured in this manner, an attacker could bypass
authentication checks by sending an invalid password to a consumer server.
(CVE-2011-1024)

It was discovered that OpenLDAP did not properly perform authentication
checks to the rootdn when using the back-ndb backend. An attacker could
exploit this to access the directory by sending an arbitrary password.
Ubuntu does not ship OpenLDAP with back-ndb support by default. This issue
did not affect Ubuntu 8.04 LTS. (CVE-2011-1025)

It was discovered that OpenLDAP did not properly validate modrdn requests.
An unauthenticated remote user could use this to cause a denial of service
via application crash. (CVE-2011-1081)

OSVersionArchitecturePackageVersionFilename
Ubuntu9.10noarchslapd< 2.4.18-0ubuntu1.2UNKNOWN
Ubuntu9.10noarchldap-utils< 2.4.18-0ubuntu1.2UNKNOWN
Ubuntu9.10noarchlibldap-2.4-2< 2.4.18-0ubuntu1.2UNKNOWN
Ubuntu9.10noarchlibldap-2.4-2-dbg< 2.4.18-0ubuntu1.2UNKNOWN
Ubuntu9.10noarchlibldap2-dev< 2.4.18-0ubuntu1.2UNKNOWN
Ubuntu9.10noarchslapd-dbg< 2.4.18-0ubuntu1.2UNKNOWN
Ubuntu8.04noarchslapd< 2.4.9-0ubuntu0.8.04.5UNKNOWN
Ubuntu8.04noarchldap-utils< 2.4.9-0ubuntu0.8.04.5UNKNOWN
Ubuntu8.04noarchlibldap-2.4-2< 2.4.9-0ubuntu0.8.04.5UNKNOWN
Ubuntu8.04noarchlibldap-2.4-2-dbg< 2.4.9-0ubuntu0.8.04.5UNKNOWN
Rows per page:
1-10 of 241

Related

oraclelinux 2
openvas 21
nessus 19
fedora 2
redhat 3
securityvulns 2
veracode 1
gentoo 1
ubuntucve 3
nvd 3
cvelist 3
prion 3
cve 3
debiancve 3
centos 1
oraclelinux
oraclelinux
openldap security update
2011-03-10 00:00:00
openldap security and bug fix update
2011-03-10 00:00:00
openvas
openvas
RedHat Update for openldap RHSA-2011:0347-01
2012-06-06 00:00:00
Fedora Update for openldap FEDORA-2011-3627
2011-09-27 00:00:00
Fedora Update for openldap FEDORA-2011-3627
2011-09-27 00:00:00
nessus
nessus
Fedora 14 : openldap-2.4.23-10.fc14 (2011-3627)
2011-09-26 00:00:00
CentOS 5 : openldap (CESA-2011:0346)
2011-04-15 00:00:00
Scientific Linux Security Update : openldap on SL6.x i386/x86_64
2012-08-01 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: openldap-2.4.24-2.fc15
2011-04-21 05:33:29
[SECURITY] Fedora 14 Update: openldap-2.4.23-10.fc14
2011-09-25 03:47:40
redhat
redhat
(RHSA-2011:0347) Moderate: openldap security update
2011-03-10 00:00:00
(RHSA-2011:0346) Moderate: openldap security and bug fix update
2011-03-10 00:00:00
(RHSA-2011:0439) Moderate: rhev-hypervisor security and bug fix update
2011-04-13 00:00:00
securityvulns
securityvulns
OpenLDAP vulnerabilities
2011-03-31 00:00:00
[ MDVSA-2011:055 ] openldap
2011-03-31 00:00:00
veracode
veracode
Authentication Bypass
2020-04-10 00:59:40
gentoo
gentoo
OpenLDAP: Multiple vulnerabilities
2014-06-30 00:00:00
ubuntucve
ubuntucve
CVE-2011-1024
2011-03-19 00:00:00
CVE-2011-1025
2011-03-19 00:00:00
CVE-2011-1081
2011-03-19 00:00:00
nvd
nvd
CVE-2011-1024
2011-03-20 02:00:03
CVE-2011-1081
2011-03-20 02:00:04
CVE-2011-1025
2011-03-20 02:00:03
cvelist
cvelist
CVE-2011-1025
2011-03-20 01:00:00
CVE-2011-1024
2011-03-20 01:00:00
CVE-2011-1081
2011-03-20 01:00:00
prion
prion
Authentication flaw
2011-03-20 02:00:00
Authentication flaw
2011-03-20 02:00:00
Design/Logic Flaw
2011-03-20 02:00:00
cve
cve
CVE-2011-1025
2011-03-20 02:00:03
CVE-2011-1024
2011-03-20 02:00:03
CVE-2011-1081
2011-03-20 02:00:04
debiancve
debiancve
CVE-2011-1025
2011-03-20 02:00:03
CVE-2011-1024
2011-03-20 02:00:03
CVE-2011-1081
2011-03-20 02:00:04
centos
centos
compat, openldap security update
2011-04-14 23:48:17

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

9.8 High

AI Score

Confidence

High

0.048 Low

EPSS

Percentile

92.8%

JSON
Related for USN-1100-1
oraclelinux2openvas21nessus19fedora2redhat3securityvulns2veracode1gentoo1ubuntucve3nvd3cvelist3prion3cve3debiancve3centos1