Source: Ubuntu.com (ubuntucve), ID UB:CVE-2011-1025
Published: Mar 19, 2011 - 12:00 a.m.

CVE-2011-1025


CVSS2: 6.8
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.018
Percentile: 88.3%

bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require
authentication for the root Distinguished Name (DN), which allows remote
attackers to bypass intended access restrictions via an arbitrary password.

Notes

Author    Note
jdstrand  code not compiled (requires --enable-ndb)

OS      Version  Architecture  Package   Version                Filename
ubuntu  9.10     noarch        openldap  < 2.4.18-0ubuntu1.2    UNKNOWN
ubuntu  10.04    noarch        openldap  < 2.4.21-0ubuntu5.4    UNKNOWN
ubuntu  10.10    noarch        openldap  < 2.4.23-0ubuntu3.5    UNKNOWN
