USN-1100-1: OpenLDAP vulnerabilities
31 March 2011
An attacker could send crafted input to OpenLDAP and cause it to crash.
It was discovered that OpenLDAP did not properly check forwarded
authentication failures when using a slave server and chain overlay. If
OpenLDAP were configured in this manner, an attacker could bypass
authentication checks by sending an invalid password to a slave server.
It was discovered that OpenLDAP did not properly perform authentication
checks to the rootdn when using the back-ndb backend. An attacker could
exploit this to access the directory by sending an arbitrary password.
Ubuntu does not ship OpenLDAP with back-ndb support by default. This issue
did not affect Ubuntu 8.04 LTS. (CVE-2011-1025)
It was discovered that OpenLDAP did not properly validate modrdn requests.
An unauthenticated remote user could use this to cause a denial of service
via application crash. (CVE-2011-1081)
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.