Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-1081 — Openldap vulnerability

CWE-3999 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

2.7%

top 14.08%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Openldap Debian Openldap

Timeline

PublishedMar 20

Latest updateMay 17

Description

modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/openldap< openldap 2.4.25-1 (bookworm)

▶Debianopenldap/openldap< 2.4.25-1+3

▶NVDopenldap/openldap18 versions+17

Patches

Patch: openwall.com ↗Patch: www.openldap.org ↗Patch: www.openldap.org ↗

🔴Vulnerability Details

GHSA

GHSA-697q-5f36-g4h9: modrdn↗2022-05-17

▶

OSV

CVE-2011-1081: modrdn↗2011-03-20

▶

💥Exploits & PoCs

Exploit-DB

phpLDAPadmin 1.2.1.1 - Remote PHP Code Injection (1)↗2011-10-23

▶

Exploit-DB

OpenLDAP 2.4.x - 'modrdn' NULL OldDN Remote Denial of Service↗2011-01-03

▶

📋Vendor Advisories

Ubuntu

OpenLDAP vulnerabilities↗2011-03-31

▶

Red Hat

openldap: DoS when submitting special MODRDN request↗2011-01-03

▶

Debian

CVE-2011-1081: openldap - modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cau...↗2011

▶

💬Community

Bugzilla

CVE-2011-1081 openldap: DoS when submitting special MODRDN request↗2011-02-28

▶