CVE-2011-1025
published 2011-03-20
CVE-2011-1025: bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to…
Priority P348 · medium · 6.8 · CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
4.45%
90.2th percentile
bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openldap | < openldap 2.4.25-1 (bookworm) | openldap 2.4.25-1 (bookworm) |
| openldap | openldap | — | — |
| openldap | openldap | >= 0 < 2.4.25-1 | 2.4.25-1 |
CVSS provenance
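| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 6.8 | MEDIUM | — |
| vendor_redhat | — | 7.5 | HIGH | — |
| vendor_debian | — | 6.8 | LOW | — |
| vendor_ubuntu | — | 4.6 | MEDIUM | — |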
Red Hat
Webkitgtk: google chrome update [30-April-2012]
vendor_redhat·2012-05-01·CVSS 6.8
CVE-2011-3078 [MEDIUM] Webkitgtk: google chrome update [30-April-2012]
Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3081.
Statement: Not Vulnerable. This issue does not affect the version of webkitgtk as shipped
with Red Hat Enterprise Linux 6.
Package: webkitgtk (Red Hat Enterprise Linux 6) - Not affected
Red Hat
Webkitgtk: google chrome update [30-April-2012]
vendor_redhat·2012-05-01·CVSS 6.8
CVE-2011-3081 [MEDIUM] Webkitgtk: google chrome update [30-April-2012]
Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3078.
Statement: Not Vulnerable. This issue does not affect the version of webkitgtk as shipped
with Red Hat Enterprise Linux 6.
Package: webkitgtk (Red Hat Enterprise Linux 6) - Not affected
Red Hat
Mozilla: Off-by-one error in OpenType Sanitizer (MFSA 2012-31)
vendor_redhat·2012-04-24·CVSS 6.8
CVE-2011-3062 [MEDIUM] CWE-193 Mozilla: Off-by-one error in OpenType Sanitizer (MFSA 2012-31)
Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file.
Red Hat
Webkitgtk: google chrome update [28-March-2012]
vendor_redhat·2012-03-28·CVSS 6.8
CVE-2011-3060 [MEDIUM] Webkitgtk: google chrome update [28-March-2012]
Google Chrome before 18.0.1025.142 does not properly handle text fragments, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Statement: Not Vulnerable. This issue does not affect the version of webkitgtk as shipped
with Red Hat Enterprise Linux 6.
Package: webkitgtk (Red Hat Enterprise Linux 6) - Not affected
Red Hat
WebkitGtk: Use-after-free in SVG clipping.
vendor_redhat·2012-03-28·CVSS 7.5
CVE-2011-3064 [HIGH] CWE-416 WebkitGtk: Use-after-free in SVG clipping.
Use-after-free vulnerability in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG clipping.
Statement: This issue affects the version of webkitgtk as shipped with Red Hat Enterprise Linux 6.
Package: webkitgtk (Red Hat Enterprise Linux 6) - Will not fix
Red Hat
Webkitgtk: google chrome update [28-March-2012]
vendor_redhat·2012-03-28·CVSS 6.8
CVE-2011-3059 [MEDIUM] Webkitgtk: google chrome update [28-March-2012]
Google Chrome before 18.0.1025.142 does not properly handle SVG text elements, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Statement: Not Vulnerable. This issue does not affect the version of webkitgtk as shipped
with Red Hat Enterprise Linux 6.
Package: webkitgtk (Red Hat Enterprise Linux 6) - Not affected
Ubuntu
OpenLDAP vulnerabilities
vendor_ubuntu·2011-03-31·CVSS 4.6
CVE-2011-1025 [MEDIUM] OpenLDAP vulnerabilities
Title: OpenLDAP vulnerabilities
Summary: An attacker could send crafted input to OpenLDAP and cause it to crash.
It was discovered that OpenLDAP did not properly check forwarded
authentication failures when using a consumer server and chain overlay. If
OpenLDAP were configured in this manner, an attacker could bypass
authentication checks by sending an invalid password to a consumer server.
(CVE-2011-1024)
It was discovered that OpenLDAP did not properly perform authentication
checks to the rootdn when using the back-ndb backend. An attacker could
exploit this to access the directory by sending an arbitrary password.
Ubuntu does not ship OpenLDAP with back-ndb support by default. This issue
did not affect Ubuntu 8.04 LTS. (CVE-2011-1025)
It was discovered that OpenLDAP did not properly
Debian
CVE-2011-1025: openldap - bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentica...
vendor_debian·2011·CVSS 6.8
CVE-2011-1025 [MEDIUM] CVE-2011-1025: openldap - bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentica...
bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password.
Scope: local
bookworm: resolved (fixed in 2.4.25-1)
bullseye: resolved (fixed in 2.4.25-1)
forky: resolved (fixed in 2.4.25-1)
sid: resolved (fixed in 2.4.25-1)
trixie: resolved (fixed in 2.4.25-1)
Red Hat
openldap: rootpw not verified via slapd.conf when using the NDB backend
vendor_redhat·2010-09-29·CVSS 6.8
CVE-2011-1025 [MEDIUM] openldap: rootpw not verified via slapd.conf when using the NDB backend
bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password.
Package: openldap (Red Hat Enterprise Linux 4) - Not affected
Package: openldap (Red Hat Enterprise Linux 5) - Not affected
GHSA
GHSA-7m73-q993-vw77: bind
ghsa_unreviewed·2022-05-17
CVE-2011-1025 [MEDIUM] CWE-287 GHSA-7m73-q993-vw77: bind
bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password.
OSV
CVE-2011-1025: bind
osv·2011-03-20·CVSS 6.8
CVE-2011-1025 [MEDIUM] CVE-2011-1025: bind
bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password.
No detection rules found.
Bugzilla
CVE-2011-3057 v8: invalid read flaw
bugzilla·2012-03-28·CVSS 4.3
CVE-2011-3057 [MEDIUM] CVE-2011-3057 v8: invalid read flaw
The Google Chrome release 18.0.1025.142 noted the following flaw in v8:
[$500] [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian Holler.
Unfortunately the upstream bug report is private, so I cannot provide further details.
The Gentoo bug [1] implies this is fixed in 3.8.9.16, but I cannot seem to verify this.
[1] https://bugs.gentoo.org/show_bug.cgi?id=410045
Discussion:
This was corrected in Fedora quite some time ago; not sure why this was in an embargoed state for so long. Looks to have been fixed in v8 3.8.9.16.
Bugzilla
CVE-2011-1025 openldap: rootpw not verified via slapd.conf when using the NDB backend
bugzilla·2011-02-25·CVSS 6.8
CVE-2011-1025 [MEDIUM] CVE-2011-1025 openldap: rootpw not verified via slapd.conf when using the NDB backend
It was reported [1],[2] that OpenLDAP, when using the back-ndb backend (which uses MySQL's NDB cluster engine for the backend storage), would allow successful authentication to the root DN regardless of whether the correct password was provided. In order for this to be successfully exploited, the attacker would need to know the root DN (e.g. cn=root,dc=example,dc=com) to authenticate with.
The back-ndb backend was introduced in OpenLDAP 2.4.12; earlier versions do not have this backend and are thus not vulnerable to this flaw.
References:
[1] http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6661
[2] http://secunia.com/advisories/43331/
[3] http://www.openldap.org/devel/cvsweb.cgi/servers/slapd
Bugzilla
CVE-2011-1024 CVE-2011-1025 openldap various flaws [fedora-all]
bugzilla·2011-02-25·CVSS 4.6
CVE-2011-1024 [MEDIUM] CVE-2011-1024 CVE-2011-1025 openldap various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=680466
Please note: this issue affects multiple supported
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://openwall.com/lists/oss-security/2011/02/24/12
http://openwall.com/lists/oss-security/2011/02/25/13
http://secunia.com/advisories/43331
http://secunia.com/advisories/43718
http://security.gentoo.org/glsa/glsa-201406-36.xml
http://securitytracker.com/id?1025190
http://www.mandriva.com/security/advisories?name=MDVSA-2011:056
http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ndb/bind.cpp.diff?r1=1.5&r2=1.8
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6661
http://www.openldap.org/lists/openldap-announce/201102/msg00000.html
http://www.redhat.com/support/errata/RHSA-2011-0347.html
http://www.ubuntu.com/usn/USN-1100-1
http://www.vupen.com/english/advisories/2011/0665
https://bugzilla.redhat.com/show_bug.cgi?id=680472
2011-03-20
Published