Vulnerability CVE-2011-1081

Vulnerability Name:

CVE-2011-1081 (CCN-66239)

Assigned:

2011-01-03

Published:

2011-01-03

Updated:

2017-08-17

Summary:

modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
4.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
4.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (REDHAT CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
4.3 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-399

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2011-1081

Source: CONFIRM
Type: UNKNOWN
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

Source: MLIST
Type: UNKNOWN
[oss-security] 20110228 Re: CVE Request -- OpenLDAP -- two issues

Source: MLIST
Type: Patch
[oss-security] 20110228 Re: CVE Request -- OpenLDAP -- two issues

Source: MLIST
Type: UNKNOWN
[oss-security] 20110301 Re: CVE Request -- OpenLDAP -- two issues

Source: MLIST
Type: UNKNOWN
[oss-security] 20110301 Re: CVE Request -- OpenLDAP -- two issues

Source: CCN
Type: RHSA-2011-0347
Moderate: openldap security update

Source: CCN
Type: SA43331
OpenLDAP Two Security Bypass Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
43331

Source: SECUNIA
Type: UNKNOWN
43718

Source: GENTOO
Type: UNKNOWN
GLSA-201406-36

Source: SECTRACK
Type: UNKNOWN
1025191

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2011:055

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2011:056

Source: CONFIRM
Type: Patch
http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/modrdn.c.diff?r1=1.170.2.8&r2=1.170.2.9

Source: CCN
Type: OpenLDAP Web site
SECURITY: Two OpenLDAP preauth vulnerabilities

Source: CONFIRM
Type: UNKNOWN
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6768

Source: MLIST
Type: Patch
[openldap-announce] 20110212 OpenLDAP 2.4.24 available

Source: CCN
Type: OSVDB ID: 72530
OpenLDAP slapd modrdn.c Malformed Relative Distinguished Name (DN) Modification Request (MODRDN) Remote DoS

Source: REDHAT
Type: UNKNOWN
RHSA-2011:0347

Source: CCN
Type: BID-46831
OpenLDAP 'modrdn' NULL OldDN Remote Denial of Service Vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-1100-1

Source: VUPEN
Type: Vendor Advisory
ADV-2011-0665

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.novell.com/show_bug.cgi?id=674985

Source: CONFIRM
Type: Exploit, Patch
https://bugzilla.redhat.com/show_bug.cgi?id=680975

Source: XF
Type: UNKNOWN
openldap-modrdnc-dos(66239)

Source: XF
Type: UNKNOWN
openldap-modrdnc-dos(66239)

Source: SUSE
Type: SUSE-SR:2011:007
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:openldap:openldap:2.4.6:*:*:*:*:*:*:*

OR cpe:/a:openldap:openldap:2.4.7:*:*:*:*:*:*:*

OR cpe:/a:openldap:openldap:2.4.8:*:*:*:*:*:*:*

OR cpe:/a:openldap:openldap:2.4.9:*:*:*:*:*:*:*

OR cpe:/a:openldap:openldap:2.4.10:*:*:*:*:*:*:*

OR cpe:/a:openldap:openldap:2.4.11:*:*:*:*:*:*:*

OR cpe:/a:openldap:openldap:2.4.12:*:*:*:*:*:*:*

OR cpe:/a:openldap:openldap:2.4.13:*:*:*:*:*:*:*

OR cpe:/a:openldap:openldap:2.4.14:*:*:*:*:*:*:*

OR cpe:/a:openldap:openldap:2.4.15:*:*:*:*:*:*:*

OR cpe:/a:openldap:openldap:2.4.16:*:*:*:*:*:*:*

OR cpe:/a:openldap:openldap:2.4.17:*:*:*:*:*:*:*

OR cpe:/a:openldap:openldap:2.4.18:*:*:*:*:*:*:*

OR cpe:/a:openldap:openldap:2.4.19:*:*:*:*:*:*:*

OR cpe:/a:openldap:openldap:2.4.20:*:*:*:*:*:*:*

OR cpe:/a:openldap:openldap:2.4.21:*:*:*:*:*:*:*

OR cpe:/a:openldap:openldap:2.4.22:*:*:*:*:*:*:*

OR cpe:/a:openldap:openldap:2.4.23:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

Configuration CCN 1:

cpe:/a:openldap:openldap:2.4.22:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20111081	V	CVE-2011-1081	2022-05-20
oval:org.mitre.oval:def:13722	P	USN-1100-1 -- openldap, openldap2.3 vulnerabilities	2014-06-30
oval:org.mitre.oval:def:22679	P	ELSA-2011:0347: openldap security update (Moderate)	2014-05-26
oval:org.mitre.oval:def:21750	P	RHSA-2011:0347: openldap security update (Moderate)	2014-02-24
oval:com.redhat.rhsa:def:20110347	P	RHSA-2011:0347: openldap security update (Moderate)	2011-03-10

BACK