CVE-2011-1025
Published: 19 March 2011
bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password.
Notes
Author | Note |
---|---|
jdstrand | code not compiled (requires --enable-ndb) |
Priority
Status
Package | Release | Status |
---|---|---|
openldap Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
dapper |
Does not exist
|
|
hardy |
Does not exist
|
|
karmic |
Released
(2.4.18-0ubuntu1.2)
|
|
lucid |
Released
(2.4.21-0ubuntu5.4)
|
|
maverick |
Released
(2.4.23-0ubuntu3.5)
|
|
Patches: vendor: https://rhn.redhat.com/errata/RHSA-2011-0347.html |
||
openldap2.3 Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
dapper |
Does not exist
|
|
hardy |
Not vulnerable
(code not present)
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
openldap2.2 Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
dapper |
Not vulnerable
(code not present)
|
|
hardy |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|