Vulnerability CVE-2011-1025

Vulnerability Name:

CVE-2011-1025 (CCN-65392)

Assigned:

2010-09-29

Published:

2010-09-29

Updated:

2017-01-07

Summary:

bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password.

CVSS v3 Severity:

3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-287

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2011-1025

Source: CONFIRM
Type: UNKNOWN
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

Source: MLIST
Type: UNKNOWN
[oss-security] 20110224 CVE Request -- OpenLDAP -- two issues

Source: MLIST
Type: UNKNOWN
[oss-security] 20110225 Re: CVE Request -- OpenLDAP -- two issue

Source: CCN
Type: RHSA-2011-0347
Moderate: openldap security update

Source: CCN
Type: SA43331
OpenLDAP Two Security Bypass Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
43331

Source: SECUNIA
Type: UNKNOWN
43718

Source: GENTOO
Type: UNKNOWN
GLSA-201406-36

Source: SECTRACK
Type: UNKNOWN
1025190

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2011:056

Source: CONFIRM
Type: Patch
http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ndb/bind.cpp.diff?r1=1.5&r2=1.8

Source: CCN
Type: OpenLDAP Web site
rootpw is not verified with slapd.conf

Source: CONFIRM
Type: UNKNOWN
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6661

Source: MLIST
Type: UNKNOWN
[openldap-announce] 20110212 OpenLDAP 2.4.24 available

Source: CCN
Type: OSVDB ID: 72529
OpenLDAP back-ndb bind.cpp root Distinguished Name (DN) Arbitrary Password Authentication Bypass

Source: REDHAT
Type: UNKNOWN
RHSA-2011:0347

Source: CCN
Type: BID-46363
OpenLDAP Multiple Security Bypass Vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-1100-1

Source: VUPEN
Type: Vendor Advisory
ADV-2011-0665

Source: CONFIRM
Type: Patch
https://bugzilla.redhat.com/show_bug.cgi?id=680472

Source: XF
Type: UNKNOWN
openldap-backndb-security-bypass(65392)

Vulnerable Configuration:

Configuration 1:

cpe:/a:openldap:openldap:2.4.6:*:*:*:*:*:*:*

OR cpe:/a:openldap:openldap:2.4.7:*:*:*:*:*:*:*

OR cpe:/a:openldap:openldap:2.4.8:*:*:*:*:*:*:*

OR cpe:/a:openldap:openldap:2.4.9:*:*:*:*:*:*:*

OR cpe:/a:openldap:openldap:2.4.10:*:*:*:*:*:*:*

OR cpe:/a:openldap:openldap:2.4.11:*:*:*:*:*:*:*

OR cpe:/a:openldap:openldap:2.4.12:*:*:*:*:*:*:*

OR cpe:/a:openldap:openldap:2.4.13:*:*:*:*:*:*:*

OR cpe:/a:openldap:openldap:2.4.14:*:*:*:*:*:*:*

OR cpe:/a:openldap:openldap:2.4.15:*:*:*:*:*:*:*

OR cpe:/a:openldap:openldap:2.4.16:*:*:*:*:*:*:*

OR cpe:/a:openldap:openldap:2.4.17:*:*:*:*:*:*:*

OR cpe:/a:openldap:openldap:2.4.18:*:*:*:*:*:*:*

OR cpe:/a:openldap:openldap:2.4.19:*:*:*:*:*:*:*

OR cpe:/a:openldap:openldap:2.4.20:*:*:*:*:*:*:*

OR cpe:/a:openldap:openldap:2.4.21:*:*:*:*:*:*:*

OR cpe:/a:openldap:openldap:2.4.22:*:*:*:*:*:*:*

OR cpe:/a:openldap:openldap:2.4.23:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

Configuration CCN 1:

cpe:/a:openldap:openldap:2.4.23:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:13722	P	USN-1100-1 -- openldap, openldap2.3 vulnerabilities	2014-06-30
oval:org.mitre.oval:def:22679	P	ELSA-2011:0347: openldap security update (Moderate)	2014-05-26
oval:org.mitre.oval:def:21750	P	RHSA-2011:0347: openldap security update (Moderate)	2014-02-24
oval:com.redhat.rhsa:def:20110347	P	RHSA-2011:0347: openldap security update (Moderate)	2011-03-10

BACK