CVE-2011-1081
First published: Mon Feb 28 2011(Updated: )
It was reported [1],[2] that OpenLDAP's slapd daemon would crash when it received a request to modify a DN and submits an empty old DN in the request. No binding is necessary, so even an anonymous user could cause slapd to crash. This was reported against OpenLDAP 2.4.23 and was fixed in 2.4.24 [3]. References: [1] <a href="http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6768">http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6768</a> [2] <a href="https://bugzilla.novell.com/show_bug.cgi?id=674985#c1">https://bugzilla.novell.com/show_bug.cgi?id=674985#c1</a> [3] <a href="http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/modrdn.c.diff?r1=1.170.2.8&r2=1.170.2.9">http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/modrdn.c.diff?r1=1.170.2.8&r2=1.170.2.9</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Openldap Openldap | =2.4.17 | |
| Openldap Openldap | =2.4.6 | |
| Openldap Openldap | =2.4.11 | |
| Openldap Openldap | =2.4.8 | |
| Openldap Openldap | =2.4.9 | |
| Openldap Openldap | =2.4.16 | |
| Openldap Openldap | =2.4.22 | |
| Openldap Openldap | =2.4.20 | |
| Openldap Openldap | =2.4.15 | |
| Openldap Openldap | =2.4.18 | |
| Openldap Openldap | =2.4.7 | |
| Openldap Openldap | =2.4.23 | |
| Openldap Openldap | =2.4.14 | |
| Openldap Openldap | =2.4.19 | |
| Openldap Openldap | =2.4.12 | |
| Openldap Openldap | =2.4.21 | |
| Openldap Openldap | =2.4.13 | |
| Openldap Openldap | =2.4.10 |
Remedy
http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/modrdn.c.diff?r1=1.170.2.8&r2=1.170.2.9
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/43331
- http://www.redhat.com/support/errata/RHSA-2011-0347.html
- http://openwall.com/lists/oss-security/2011/02/28/1
- http://openwall.com/lists/oss-security/2011/03/01/11
- https://bugzilla.redhat.com/show_bug.cgi?id=680975
- http://openwall.com/lists/oss-security/2011/03/01/15
- http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/modrdn.c.diff?r1=1.170.2.8&r2=1.170.2.9
- http://securitytracker.com/id?1025191
- http://www.openldap.org/lists/openldap-announce/201102/msg00000.html
- http://openwall.com/lists/oss-security/2011/02/28/2
- http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6768
- https://bugzilla.novell.com/show_bug.cgi?id=674985
- http://www.vupen.com/english/advisories/2011/0665
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:055
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:056
- http://www.ubuntu.com/usn/USN-1100-1
- http://secunia.com/advisories/43718
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://security.gentoo.org/glsa/glsa-201406-36.xml
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66239
- https://bugzilla.novell.com/show_bug.cgi?id=674985#c1
- http://www.openwall.com/lists/oss-security/2011/03/01/11
- https://access.redhat.com/security/cve/CVE-2011-1081
- https://rhn.redhat.com/errata/RHSA-2011-0347.html
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/remedy
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-1081
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/tags
- agent/description
- agent/event
- agent/trending
- vendor/openldap
- canonical/openldap openldap
- version/openldap openldap/2.4.17
- version/openldap openldap/2.4.6
- version/openldap openldap/2.4.11
- version/openldap openldap/2.4.8
- version/openldap openldap/2.4.9
- version/openldap openldap/2.4.16
- version/openldap openldap/2.4.22
- version/openldap openldap/2.4.20
- version/openldap openldap/2.4.15
- version/openldap openldap/2.4.18
- version/openldap openldap/2.4.7
- version/openldap openldap/2.4.23
- version/openldap openldap/2.4.14
- version/openldap openldap/2.4.19
- version/openldap openldap/2.4.12
- version/openldap openldap/2.4.21
- version/openldap openldap/2.4.13
- version/openldap openldap/2.4.10