REDHAT-BUG-680472
First published: Fri Feb 25 2011(Updated: )
It was reported [1],[2] that OpenLDAP, when using the back-ndb backend (which uses MySQL's NDB cluster engine for the backend storage), would allow successful authentication to the root DN regardless of whether the correct password was provided. In order for this to be successfully exploited, the attacker would need to know the root DN (e.g. cn=root,dc=example,dc=com) to authenticate with. The back-ndb backend was introduced in OpenLDAP 2.4.12; earlier versions do not have this backend and are thus not vulnerable to this flaw. References: [1] <a href="http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6661">http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6661</a> [2] <a href="http://secunia.com/advisories/43331/">http://secunia.com/advisories/43331/</a> [3] <a href="http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ndb/bind.cpp.diff?r1=1.5&r2=1.8">http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ndb/bind.cpp.diff?r1=1.5&r2=1.8</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenLDAP | >=2.4.12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6661
- http://secunia.com/advisories/43331/
- http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ndb/bind.cpp.diff?r1=1.5&r2=1.8
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=680483
- http://dev.mysql.com/doc/refman/5.0/en/mysql-cluster.html
- https://rhn.redhat.com/errata/RHSA-2011-0347.html
- https://bugzilla.redhat.com/show_bug.cgi?id=680472
Frequently Asked Questions
What is the severity of REDHAT-BUG-680472?
The severity of REDHAT-BUG-680472 is considered critical due to the authentication bypass vulnerability.
How do I fix REDHAT-BUG-680472?
To fix REDHAT-BUG-680472, upgrading OpenLDAP to a version later than 2.4.12 that includes the necessary patches is required.
Which versions of OpenLDAP are affected by REDHAT-BUG-680472?
OpenLDAP versions 2.4.12 and earlier that utilize the back-ndb backend are affected by REDHAT-BUG-680472.
What are the implications of REDHAT-BUG-680472?
The implications of REDHAT-BUG-680472 include the potential unauthorized access to the root DN without proper authentication.
Is there a workaround for REDHAT-BUG-680472?
There are no effective workarounds for REDHAT-BUG-680472, and updating OpenLDAP is the recommended mitigation.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-1025
- agent/references
- agent/severity
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/openldap
- canonical/openldap