USN-1100-1: OpenLDAP vulnerabilities

31 March 2011

An attacker could send crafted input to OpenLDAP and cause it to crash.

Releases

Packages

Details

It was discovered that OpenLDAP did not properly check forwarded
authentication failures when using a slave server and chain overlay. If
OpenLDAP were configured in this manner, an attacker could bypass
authentication checks by sending an invalid password to a slave server.
(CVE-2011-1024)

It was discovered that OpenLDAP did not properly perform authentication
checks to the rootdn when using the back-ndb backend. An attacker could
exploit this to access the directory by sending an arbitrary password.
Ubuntu does not ship OpenLDAP with back-ndb support by default. This issue
did not affect Ubuntu 8.04 LTS. (CVE-2011-1025)

It was discovered that OpenLDAP did not properly validate modrdn requests.
An unauthenticated remote user could use this to cause a denial of service
via application crash. (CVE-2011-1081)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 9.10
Ubuntu 8.04
Ubuntu 10.10
Ubuntu 10.04

In general, a standard system update will make all the necessary changes.