ByteOS Network

Vulnerability Details :

CVE-2011-1025

Assigner-redhat

Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749

Published At-20 Mar, 2011 | 01:00

Updated At-06 Aug, 2024 | 22:14

bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:redhat

Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749

Published At:20 Mar, 2011 | 01:00

Updated At:06 Aug, 2024 | 22:14

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://security.gentoo.org/glsa/glsa-201406-36.xml	vendor-advisory x_refsource_GENTOO
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6661	x_refsource_CONFIRM
http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ndb/bind.cpp.diff?r1=1.5&r2=1.8	x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=680472	x_refsource_CONFIRM
http://securitytracker.com/id?1025190	vdb-entry x_refsource_SECTRACK
http://www.openldap.org/lists/openldap-announce/201102/msg00000.html	mailing-list x_refsource_MLIST
http://www.mandriva.com/security/advisories?name=MDVSA-2011:056	vendor-advisory x_refsource_MANDRIVA
http://www.redhat.com/support/errata/RHSA-2011-0347.html	vendor-advisory x_refsource_REDHAT
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705	x_refsource_CONFIRM
http://openwall.com/lists/oss-security/2011/02/25/13	mailing-list x_refsource_MLIST
http://secunia.com/advisories/43718	third-party-advisory x_refsource_SECUNIA
http://openwall.com/lists/oss-security/2011/02/24/12	mailing-list x_refsource_MLIST
http://www.ubuntu.com/usn/USN-1100-1	vendor-advisory x_refsource_UBUNTU
http://www.vupen.com/english/advisories/2011/0665	vdb-entry x_refsource_VUPEN
http://secunia.com/advisories/43331	third-party-advisory x_refsource_SECUNIA

Hyperlink: http://security.gentoo.org/glsa/glsa-201406-36.xml

Resource:

vendor-advisory

x_refsource_GENTOO

Hyperlink: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6661

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ndb/bind.cpp.diff?r1=1.5&r2=1.8

Resource:

x_refsource_CONFIRM

Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=680472

Resource:

x_refsource_CONFIRM

Hyperlink: http://securitytracker.com/id?1025190

Resource:

vdb-entry

x_refsource_SECTRACK

Hyperlink: http://www.openldap.org/lists/openldap-announce/201102/msg00000.html

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:056

Resource:

vendor-advisory

x_refsource_MANDRIVA

Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0347.html

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

Resource:

x_refsource_CONFIRM

Hyperlink: http://openwall.com/lists/oss-security/2011/02/25/13

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: http://secunia.com/advisories/43718

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://openwall.com/lists/oss-security/2011/02/24/12

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: http://www.ubuntu.com/usn/USN-1100-1

Resource:

vendor-advisory

x_refsource_UBUNTU

Hyperlink: http://www.vupen.com/english/advisories/2011/0665

Resource:

vdb-entry

x_refsource_VUPEN

Hyperlink: http://secunia.com/advisories/43331

Resource:

third-party-advisory

x_refsource_SECUNIA

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://security.gentoo.org/glsa/glsa-201406-36.xml	vendor-advisory x_refsource_GENTOO x_transferred
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6661	x_refsource_CONFIRM x_transferred
http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ndb/bind.cpp.diff?r1=1.5&r2=1.8	x_refsource_CONFIRM x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=680472	x_refsource_CONFIRM x_transferred
http://securitytracker.com/id?1025190	vdb-entry x_refsource_SECTRACK x_transferred
http://www.openldap.org/lists/openldap-announce/201102/msg00000.html	mailing-list x_refsource_MLIST x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2011:056	vendor-advisory x_refsource_MANDRIVA x_transferred
http://www.redhat.com/support/errata/RHSA-2011-0347.html	vendor-advisory x_refsource_REDHAT x_transferred
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705	x_refsource_CONFIRM x_transferred
http://openwall.com/lists/oss-security/2011/02/25/13	mailing-list x_refsource_MLIST x_transferred
http://secunia.com/advisories/43718	third-party-advisory x_refsource_SECUNIA x_transferred
http://openwall.com/lists/oss-security/2011/02/24/12	mailing-list x_refsource_MLIST x_transferred
http://www.ubuntu.com/usn/USN-1100-1	vendor-advisory x_refsource_UBUNTU x_transferred
http://www.vupen.com/english/advisories/2011/0665	vdb-entry x_refsource_VUPEN x_transferred
http://secunia.com/advisories/43331	third-party-advisory x_refsource_SECUNIA x_transferred

Hyperlink: http://security.gentoo.org/glsa/glsa-201406-36.xml

Resource:

vendor-advisory

x_refsource_GENTOO

x_transferred

Hyperlink: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6661

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ndb/bind.cpp.diff?r1=1.5&r2=1.8

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=680472

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://securitytracker.com/id?1025190

Resource:

vdb-entry

x_refsource_SECTRACK

x_transferred

Hyperlink: http://www.openldap.org/lists/openldap-announce/201102/msg00000.html

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:056

Resource:

vendor-advisory

x_refsource_MANDRIVA

x_transferred

Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0347.html

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://openwall.com/lists/oss-security/2011/02/25/13

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: http://secunia.com/advisories/43718

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://openwall.com/lists/oss-security/2011/02/24/12

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: http://www.ubuntu.com/usn/USN-1100-1

Resource:

vendor-advisory

x_refsource_UBUNTU

x_transferred

Hyperlink: http://www.vupen.com/english/advisories/2011/0665

Resource:

vdb-entry

x_refsource_VUPEN

x_transferred

Hyperlink: http://secunia.com/advisories/43331

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:secalert@redhat.com

Published At:20 Mar, 2011 | 02:00

Updated At:11 Apr, 2025 | 00:51

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P
Primary	2.0	6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P

Type: Primary

Version: 2.0

Base score: 6.8

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:P/I:P/A:P

Type: Primary

Version: 2.0

Base score: 6.8

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:P/I:P/A:P

CPE Matches

openldap>>openldap>>2.4.6

cpe:2.3:a:openldap:openldap:2.4.6:*:*:*:*:*:*:*

openldap>>openldap>>2.4.7

cpe:2.3:a:openldap:openldap:2.4.7:*:*:*:*:*:*:*

openldap>>openldap>>2.4.8

cpe:2.3:a:openldap:openldap:2.4.8:*:*:*:*:*:*:*

openldap>>openldap>>2.4.9

cpe:2.3:a:openldap:openldap:2.4.9:*:*:*:*:*:*:*

openldap>>openldap>>2.4.10

cpe:2.3:a:openldap:openldap:2.4.10:*:*:*:*:*:*:*

openldap>>openldap>>2.4.11

cpe:2.3:a:openldap:openldap:2.4.11:*:*:*:*:*:*:*

openldap>>openldap>>2.4.12

cpe:2.3:a:openldap:openldap:2.4.12:*:*:*:*:*:*:*

openldap>>openldap>>2.4.13

cpe:2.3:a:openldap:openldap:2.4.13:*:*:*:*:*:*:*

openldap>>openldap>>2.4.14

cpe:2.3:a:openldap:openldap:2.4.14:*:*:*:*:*:*:*

openldap>>openldap>>2.4.15

cpe:2.3:a:openldap:openldap:2.4.15:*:*:*:*:*:*:*

openldap>>openldap>>2.4.16

cpe:2.3:a:openldap:openldap:2.4.16:*:*:*:*:*:*:*

openldap>>openldap>>2.4.17

cpe:2.3:a:openldap:openldap:2.4.17:*:*:*:*:*:*:*

openldap>>openldap>>2.4.18

cpe:2.3:a:openldap:openldap:2.4.18:*:*:*:*:*:*:*

openldap>>openldap>>2.4.19

cpe:2.3:a:openldap:openldap:2.4.19:*:*:*:*:*:*:*

openldap>>openldap>>2.4.20

cpe:2.3:a:openldap:openldap:2.4.20:*:*:*:*:*:*:*

openldap>>openldap>>2.4.21

cpe:2.3:a:openldap:openldap:2.4.21:*:*:*:*:*:*:*

openldap>>openldap>>2.4.22

cpe:2.3:a:openldap:openldap:2.4.22:*:*:*:*:*:*:*

openldap>>openldap>>2.4.23

cpe:2.3:a:openldap:openldap:2.4.23:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-287	Primary	nvd@nist.gov

CWE ID: CWE-287

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705	secalert@redhat.com	N/A
http://openwall.com/lists/oss-security/2011/02/24/12	secalert@redhat.com	N/A
http://openwall.com/lists/oss-security/2011/02/25/13	secalert@redhat.com	N/A
http://secunia.com/advisories/43331	secalert@redhat.com	Vendor Advisory
http://secunia.com/advisories/43718	secalert@redhat.com	N/A
http://security.gentoo.org/glsa/glsa-201406-36.xml	secalert@redhat.com	N/A
http://securitytracker.com/id?1025190	secalert@redhat.com	N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2011:056	secalert@redhat.com	N/A
http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ndb/bind.cpp.diff?r1=1.5&r2=1.8	secalert@redhat.com	Patch
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6661	secalert@redhat.com	N/A
http://www.openldap.org/lists/openldap-announce/201102/msg00000.html	secalert@redhat.com	N/A
http://www.redhat.com/support/errata/RHSA-2011-0347.html	secalert@redhat.com	N/A
http://www.ubuntu.com/usn/USN-1100-1	secalert@redhat.com	N/A
http://www.vupen.com/english/advisories/2011/0665	secalert@redhat.com	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=680472	secalert@redhat.com	Patch
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705	af854a3a-2127-422b-91ae-364da2661108	N/A
http://openwall.com/lists/oss-security/2011/02/24/12	af854a3a-2127-422b-91ae-364da2661108	N/A
http://openwall.com/lists/oss-security/2011/02/25/13	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/43331	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://secunia.com/advisories/43718	af854a3a-2127-422b-91ae-364da2661108	N/A
http://security.gentoo.org/glsa/glsa-201406-36.xml	af854a3a-2127-422b-91ae-364da2661108	N/A
http://securitytracker.com/id?1025190	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2011:056	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ndb/bind.cpp.diff?r1=1.5&r2=1.8	af854a3a-2127-422b-91ae-364da2661108	Patch
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6661	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.openldap.org/lists/openldap-announce/201102/msg00000.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.redhat.com/support/errata/RHSA-2011-0347.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.ubuntu.com/usn/USN-1100-1	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.vupen.com/english/advisories/2011/0665	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=680472	af854a3a-2127-422b-91ae-364da2661108	Patch