CVE-2011-1081
published 2011-03-20CVE-2011-1081: modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN)…
PriorityP429medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
13.52%
96.0th percentile
modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openldap | < openldap 2.4.25-1 (bookworm) | openldap 2.4.25-1 (bookworm) |
| openldap | openldap | — | — |
| openldap | openldap | — | — |
| openldap | openldap | — | — |
| openldap | openldap | — | — |
| openldap | openldap | — | — |
| openldap | openldap | — | — |
| openldap | openldap | — | — |
| openldap | openldap | — | — |
| openldap | openldap | — | — |
| openldap | openldap | — | — |
| openldap | openldap | — | — |
| openldap | openldap | — | — |
| openldap | openldap | — | — |
| openldap | openldap | — | — |
| openldap | openldap | — | — |
| openldap | openldap | — | — |
| openldap | openldap | — | — |
| openldap | openldap | — | — |
| openldap | openldap | >= 0 < 2.4.25-1 | 2.4.25-1 |
| openldap | openldap | >= 0 < 2.4.25-1 | 2.4.25-1 |
| openldap | openldap | >= 0 < 2.4.25-1 | 2.4.25-1 |
| openldap | openldap | >= 0 < 2.4.25-1 | 2.4.25-1 |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM
vendor_debian5.0LOW
vendor_redhat5.0MEDIUM
vendor_ubuntu4.6MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
OpenLDAP vulnerabilities
vendor_ubuntu·2011-03-31·CVSS 4.6
CVE-2011-1025 [MEDIUM] OpenLDAP vulnerabilities
Title: OpenLDAP vulnerabilities
Summary: An attacker could send crafted input to OpenLDAP and cause it to crash.
It was discovered that OpenLDAP did not properly check forwarded
authentication failures when using a consumer server and chain overlay. If
OpenLDAP were configured in this manner, an attacker could bypass
authentication checks by sending an invalid password to a consumer server.
(CVE-2011-1024)
It was discovered that OpenLDAP did not properly perform authentication
checks to the rootdn when using the back-ndb backend. An attacker could
exploit this to access the directory by sending an arbitrary password.
Ubuntu does not ship OpenLDAP with back-ndb support by default. This issue
did not affect Ubuntu 8.04 LTS. (CVE-2011-1025)
It was discovered that OpenLDAP did not properly
Red Hat
openldap: DoS when submitting special MODRDN request
vendor_redhat·2011-01-03·CVSS 5.0
CVE-2011-1081 [MEDIUM] openldap: DoS when submitting special MODRDN request
openldap: DoS when submitting special MODRDN request
modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field.
Package: openldap (Red Hat Enterprise Linux 4) - Not affected
Package: openldap (Red Hat Enterprise Linux 5) - Not affected
Debian
CVE-2011-1081: openldap - modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cau...
vendor_debian·2011·CVSS 5.0
CVE-2011-1081 [MEDIUM] CVE-2011-1081: openldap - modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cau...
modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field.
Scope: local
bookworm: resolved (fixed in 2.4.25-1)
bullseye: resolved (fixed in 2.4.25-1)
forky: resolved (fixed in 2.4.25-1)
sid: resolved (fixed in 2.4.25-1)
trixie: resolved (fixed in 2.4.25-1)
GHSA
GHSA-697q-5f36-g4h9: modrdn
ghsa_unreviewed·2022-05-17
CVE-2011-1081 [MEDIUM] GHSA-697q-5f36-g4h9: modrdn
modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field.
OSV
CVE-2011-1081: modrdn
osv·2011-03-20·CVSS 5.0
CVE-2011-1081 [MEDIUM] CVE-2011-1081: modrdn
modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field.
No detection rules found.
Exploit-DB
phpLDAPadmin 1.2.1.1 - Remote PHP Code Injection (1)
exploitdb·2011-10-23
CVE-2011-4075 phpLDAPadmin 1.2.1.1 - Remote PHP Code Injection (1)
phpLDAPadmin 1.2.1.1 - Remote PHP Code Injection (1)
---
$key)) {\n";
1018. $code .= " asort(\$a->$key);\n";
1019. $code .= " \$aa = array_shift(\$a->$key);\n";
....
1078. $code .= 'return $c;';
1079.
1080. $CACHE[$sortby] = create_function('$a, $b',$code);
1081. }
The $sortby parameter passed to 'masort' function isn't properly sanitized before being used in a call to create_function()
at line 1080, this can be exploited to inject and execute arbitrary PHP code. The only possible attack vector is when handling
the 'query_engine' command, here input passed through $_REQUEST['orderby'] is passed as $sortby parameter to 'masort' function.
[-] Disclosure timeline:
[30/09/2011] - Vulnerability discovered
[02/10/2011] - Issue reported to http://sourceforge.net/support/tracker.php?aid=341
Exploit-DB
OpenLDAP 2.4.x - 'modrdn' NULL OldDN Remote Denial of Service
exploitdb·2011-01-03
CVE-2011-1081 OpenLDAP 2.4.x - 'modrdn' NULL OldDN Remote Denial of Service
OpenLDAP 2.4.x - 'modrdn' NULL OldDN Remote Denial of Service
---
source: https://www.securityfocus.com/bid/46831/info
OpenLDAP is prone to a remote denial-of-service vulnerability that affects the 'modify relative distinguished name' (modrdn) command.
Attackers can exploit this issue to deny service to legitimate users by crashing affected 'slapd' servers.
ldapmodrdn -x -H ldap://ldapserver -r '' o=test
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705http://openwall.com/lists/oss-security/2011/02/28/1http://openwall.com/lists/oss-security/2011/02/28/2http://openwall.com/lists/oss-security/2011/03/01/11http://openwall.com/lists/oss-security/2011/03/01/15http://secunia.com/advisories/43331http://secunia.com/advisories/43718http://security.gentoo.org/glsa/glsa-201406-36.xmlhttp://securitytracker.com/id?1025191http://www.mandriva.com/security/advisories?name=MDVSA-2011:055http://www.mandriva.com/security/advisories?name=MDVSA-2011:056http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/modrdn.c.diff?r1=1.170.2.8&r2=1.170.2.9http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6768http://www.openldap.org/lists/openldap-announce/201102/msg00000.htmlhttp://www.redhat.com/support/errata/RHSA-2011-0347.htmlhttp://www.ubuntu.com/usn/USN-1100-1http://www.vupen.com/english/advisories/2011/0665https://bugzilla.novell.com/show_bug.cgi?id=674985https://bugzilla.redhat.com/show_bug.cgi?id=680975https://exchange.xforce.ibmcloud.com/vulnerabilities/66239http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705http://openwall.com/lists/oss-security/2011/02/28/1http://openwall.com/lists/oss-security/2011/02/28/2http://openwall.com/lists/oss-security/2011/03/01/11http://openwall.com/lists/oss-security/2011/03/01/15http://secunia.com/advisories/43331http://secunia.com/advisories/43718http://security.gentoo.org/glsa/glsa-201406-36.xmlhttp://securitytracker.com/id?1025191http://www.mandriva.com/security/advisories?name=MDVSA-2011:055http://www.mandriva.com/security/advisories?name=MDVSA-2011:056http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/modrdn.c.diff?r1=1.170.2.8&r2=1.170.2.9http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6768http://www.openldap.org/lists/openldap-announce/201102/msg00000.htmlhttp://www.redhat.com/support/errata/RHSA-2011-0347.htmlhttp://www.ubuntu.com/usn/USN-1100-1http://www.vupen.com/english/advisories/2011/0665https://bugzilla.novell.com/show_bug.cgi?id=674985https://bugzilla.redhat.com/show_bug.cgi?id=680975https://exchange.xforce.ibmcloud.com/vulnerabilities/66239
2011-03-20
Published