CVE-2011-1025

Published: 19 March 2011

bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password.

Priority

Negligible

Status

Package | Release | Status
openldap (Launchpad, Ubuntu, Debian) | Upstream | Needs triage

Patches:
Vendor: https://rhn.redhat.com/errata/RHSA-2011-0347.html

openldap2.2 (Launchpad, Ubuntu, Debian) | Upstream | Needs triage

openldap2.3 (Launchpad, Ubuntu, Debian) | Upstream | Needs triage