CVE-2011-1025 — Improper Authentication in Openldap

CWE-287 — Improper Authentication CWE-416 — Use After Free CWE-193 — Off-by-one Error CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer16 documents8 sources

Severity

6.8MEDIUMNVD

EPSS

7.3%

top 8.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openldap Debian Openldap

Timeline

PublishedMar 20

Latest updateMay 17

Description

bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/openldap< openldap 2.4.25-1 (bookworm)

▶Debianopenldap/openldap< 2.4.25-1+3

▶NVDopenldap/openldap18 versions+17

Patches

Patch: www.openldap.org ↗Patch: bugzilla.redhat.com ↗Patch: www.openldap.org ↗

🔴Vulnerability Details

GHSA

GHSA-7m73-q993-vw77: bind↗2022-05-17

▶

OSV

CVE-2011-1025: bind↗2011-03-20

▶

💥Exploits & PoCs

Exploit-DB

PlaylistMaker 1.5 - '.txt' Local Buffer Overflow↗2011-04-13

▶

📋Vendor Advisories

Red Hat

Webkitgtk: google chrome update [30-April-2012]↗2012-05-01

▶

Red Hat

Webkitgtk: google chrome update [30-April-2012]↗2012-05-01

▶

Red Hat

Mozilla: Off-by-one error in OpenType Sanitizer (MFSA 2012-31)↗2012-04-24

▶

Red Hat

Webkitgtk: google chrome update [28-March-2012]↗2012-03-28

▶

Red Hat

WebkitGtk: Use-after-free in SVG clipping.↗2012-03-28

▶

💬Community

Bugzilla

CVE-2011-3057 v8: invalid read flaw↗2012-03-28

▶

Bugzilla

CVE-2011-1025 openldap: rootpw not verified via slapd.conf when using the NDB backend↗2011-02-25

▶

Bugzilla

CVE-2011-1024 CVE-2011-1025 openldap various flaws [fedora-all]↗2011-02-25

▶