Vulnerabilities > CVE-2011-1081 - Resource Management Errors vulnerability in Openldap

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

openldap

CWE-399

nessus

exploit available

NVD

Published: 2011-03-20

Updated: 2024-11-21

Summary

modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field.

Vulnerable Configurations

Part	Description	Count
Application	Openldap Openldap Openldap 2.4.17 Openldap Openldap 2.4.6 Openldap Openldap 2.4.11 Openldap Openldap 2.4.8 Openldap Openldap 2.4.9 Openldap Openldap 2.4.16 Openldap Openldap 2.4.22 Openldap Openldap 2.4.20 Openldap Openldap 2.4.15 Openldap Openldap 2.4.18 Openldap Openldap 2.4.7 Openldap Openldap 2.4.23 Openldap Openldap 2.4.14 Openldap Openldap 2.4.19 Openldap Openldap 2.4.12 Openldap Openldap 2.4.21 Openldap Openldap 2.4.13 Openldap Openldap 2.4.10	18

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Exploit-Db

description	OpenLDAP 2.4.x 'modrdn' NULL OldDN Remote Denial of Service Vulnerability. CVE-2011-1081. Dos exploit for linux platform
id	EDB-ID:35445
last seen	2016-02-04
modified	2011-01-03
published	2011-01-03
reporter	Serge Dubrouski
source	https://www.exploit-db.com/download/35445/
title	OpenLDAP 2.4.x - 'modrdn' NULL OldDN Remote Denial of Service Vulnerability

Nessus

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2011-056.NASL
description	Multiple vulnerabilities has been identified and fixed in openldap : chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server (CVE-2011-1024). bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password (CVE-2011-1025). modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field (CVE-2011-1081). The updated packages have been patched to correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	53227
published	2011-03-31
reporter	This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/53227
title	Mandriva Linux Security Advisory : openldap (MDVSA-2011:056)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2011:056. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(53227); script_version("1.12"); script_cvs_date("Date: 2019/08/02 13:32:54"); script_cve_id("CVE-2011-1024", "CVE-2011-1025", "CVE-2011-1081"); script_bugtraq_id(46363, 46831); script_xref(name:"MDVSA", value:"2011:056"); script_name(english:"Mandriva Linux Security Advisory : openldap (MDVSA-2011:056)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Multiple vulnerabilities has been identified and fixed in openldap : chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server (CVE-2011-1024). bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password (CVE-2011-1025). modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field (CVE-2011-1081). The updated packages have been patched to correct these issues." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ldap2.4_2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ldap2.4_2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ldap2.4_2-static-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libldap2.4_2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libldap2.4_2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libldap2.4_2-static-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap-servers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap-testprogs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap-tests"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.1"); script_set_attribute(attribute:"patch_publication_date", value:"2011/03/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/31"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64\|i[3-6]86\|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2010.0", cpu:"x86_64", reference:"lib64ldap2.4_2-2.4.19-2.2mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", cpu:"x86_64", reference:"lib64ldap2.4_2-devel-2.4.19-2.2mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", cpu:"x86_64", reference:"lib64ldap2.4_2-static-devel-2.4.19-2.2mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"libldap2.4_2-2.4.19-2.2mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"libldap2.4_2-devel-2.4.19-2.2mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"libldap2.4_2-static-devel-2.4.19-2.2mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"openldap-2.4.19-2.2mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"openldap-clients-2.4.19-2.2mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"openldap-doc-2.4.19-2.2mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"openldap-servers-2.4.19-2.2mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"openldap-testprogs-2.4.19-2.2mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"openldap-tests-2.4.19-2.2mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64ldap2.4_2-2.4.22-2.2mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64ldap2.4_2-devel-2.4.22-2.2mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64ldap2.4_2-static-devel-2.4.22-2.2mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libldap2.4_2-2.4.22-2.2mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libldap2.4_2-devel-2.4.22-2.2mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libldap2.4_2-static-devel-2.4.22-2.2mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"openldap-2.4.22-2.2mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"openldap-clients-2.4.22-2.2mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"openldap-doc-2.4.22-2.2mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"openldap-servers-2.4.22-2.2mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"openldap-testprogs-2.4.22-2.2mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"openldap-tests-2.4.22-2.2mdv2010.2", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201406-36.NASL
description	The remote host is affected by the vulnerability described in GLSA-201406-36 (OpenLDAP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenLDAP. Please review the CVE identifiers referenced below for details. Impact : A remote attacker might employ a specially crafted certificate to conduct man-in-the-middle attacks on SSL connections made using OpenLDAP, bypass security restrictions or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	76331
published	2014-07-01
reporter	This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/76331
title	GLSA-201406-36 : OpenLDAP: Multiple vulnerabilities
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201406-36. # # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(76331); script_version("1.6"); script_cvs_date("Date: 2018/07/12 19:01:15"); script_cve_id("CVE-2009-3767", "CVE-2010-0211", "CVE-2010-0212", "CVE-2011-1024", "CVE-2011-1025", "CVE-2011-1081", "CVE-2011-4079", "CVE-2012-1164", "CVE-2012-2668"); script_bugtraq_id(36844, 41770, 46363, 46831, 50384, 52404, 53823); script_xref(name:"GLSA", value:"201406-36"); script_name(english:"GLSA-201406-36 : OpenLDAP: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201406-36 (OpenLDAP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenLDAP. Please review the CVE identifiers referenced below for details. Impact : A remote attacker might employ a specially crafted certificate to conduct man-in-the-middle attacks on SSL connections made using OpenLDAP, bypass security restrictions or cause a Denial of Service condition. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201406-36" ); script_set_attribute( attribute:"solution", value: "All OpenLDAP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-nds/openldap-2.4.35'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(310); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:openldap"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2014/06/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/01"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"net-nds/openldap", unaffected:make_list("ge 2.4.35"), vulnerable:make_list("lt 2.4.35"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "OpenLDAP"); }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2011-3627.NASL
description	Changes not covered by bugs : - removed slurpd options from sysconfig/ldap - fix: possible NULL pointer dereference in NSS implementation Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	56296
published	2011-09-26
reporter	This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/56296
title	Fedora 14 : openldap-2.4.23-10.fc14 (2011-3627)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2011-3627. # include("compat.inc"); if (description) { script_id(56296); script_version("1.13"); script_cvs_date("Date: 2019/08/02 13:32:35"); script_cve_id("CVE-2011-1024", "CVE-2011-1025", "CVE-2011-1081"); script_bugtraq_id(46363, 46831); script_xref(name:"FEDORA", value:"2011-3627"); script_name(english:"Fedora 14 : openldap-2.4.23-10.fc14 (2011-3627)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Changes not covered by bugs : - removed slurpd options from sysconfig/ldap - fix: possible NULL pointer dereference in NSS implementation Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=680466" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=680472" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=680975" ); # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/066251.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?2b235408" ); script_set_attribute( attribute:"solution", value:"Update the affected openldap package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openldap"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:14"); script_set_attribute(attribute:"patch_publication_date", value:"2011/03/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/09/26"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^14([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 14.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC14", reference:"openldap-2.4.23-10.fc14")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openldap"); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_4_OPENLDAP2-110304.NASL
description	Master/slave configurations with enabled
last seen	2020-06-01
modified	2020-06-02
plugin id	75981
published	2014-06-13
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/75981
title	openSUSE Security Update : openldap2 (openSUSE-SU-2011:0363-1)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openldap2-4093. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(75981); script_version("1.4"); script_cvs_date("Date: 2019/10/25 13:36:42"); script_cve_id("CVE-2011-1024", "CVE-2011-1081"); script_name(english:"openSUSE Security Update : openldap2 (openSUSE-SU-2011:0363-1)"); script_summary(english:"Check for the openldap2-4093 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Master/slave configurations with enabled 'ppolicy_forward_updates' option potentially allowed users to log in with an invalid password (CVE-2011-1024). unauthenticated users could crash the ldap server (CVE-2011-1081)." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=648479" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=674985" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2011-04/msg00059.html" ); script_set_attribute( attribute:"solution", value:"Update the affected openldap2 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openldap2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openldap2-back-meta"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openldap2-back-meta-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openldap2-back-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openldap2-back-perl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openldap2-back-sql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openldap2-back-sql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openldap2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openldap2-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4"); script_set_attribute(attribute:"patch_publication_date", value:"2011/03/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.4", reference:"openldap2-2.4.23-11.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"openldap2-back-meta-2.4.23-11.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"openldap2-back-meta-debuginfo-2.4.23-11.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"openldap2-back-perl-2.4.23-11.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"openldap2-back-perl-debuginfo-2.4.23-11.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"openldap2-back-sql-2.4.23-11.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"openldap2-back-sql-debuginfo-2.4.23-11.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"openldap2-debuginfo-2.4.23-11.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"openldap2-debugsource-2.4.23-11.3.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openldap2 / openldap2-back-meta / openldap2-back-perl / etc"); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_3_OPENLDAP2-110303.NASL
description	Master/slave configurations with enabled
last seen	2020-06-01
modified	2020-06-02
plugin id	75686
published	2014-06-13
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/75686
title	openSUSE Security Update : openldap2 (openSUSE-SU-2011:0359-1)

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2011-055.NASL
description	Multiple vulnerabilities has been identified and fixed in openldap : chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server (CVE-2011-1024). modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field (CVE-2011-1081). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149 products_id=490 The updated packages have been patched to correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	53226
published	2011-03-31
reporter	This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/53226
title	Mandriva Linux Security Advisory : openldap (MDVSA-2011:055)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2011-0347.NASL
description	From Red Hat Security Advisory 2011:0347 : Updated openldap packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. A flaw was found in the way OpenLDAP handled authentication failures being passed from an OpenLDAP slave to the master. If OpenLDAP was configured with a chain overlay and it forwarded authentication failures, OpenLDAP would bind to the directory as an anonymous user and return success, rather than return failure on the authenticated bind. This could allow a user on a system that uses LDAP for authentication to log into a directory-based account without knowing the password. (CVE-2011-1024) It was found that the OpenLDAP back-ndb back end allowed successful authentication to the root distinguished name (DN) when any string was provided as a password. A remote user could use this flaw to access an OpenLDAP directory if they knew the value of the root DN. Note: This issue only affected OpenLDAP installations using the NDB back-end, which is only available for Red Hat Enterprise Linux 6 via third-party software. (CVE-2011-1025) A flaw was found in the way OpenLDAP handled modify relative distinguished name (modrdn) requests. A remote, unauthenticated user could use this flaw to crash an OpenLDAP server via a modrdn request containing an empty old RDN value. (CVE-2011-1081) Users of OpenLDAP should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, the OpenLDAP daemons will be restarted automatically.
last seen	2020-06-01
modified	2020-06-02
plugin id	68229
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/68229
title	Oracle Linux 6 : openldap (ELSA-2011-0347)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-1100-1.NASL
description	It was discovered that OpenLDAP did not properly check forwarded authentication failures when using a slave server and chain overlay. If OpenLDAP were configured in this manner, an attacker could bypass authentication checks by sending an invalid password to a slave server. (CVE-2011-1024) It was discovered that OpenLDAP did not properly perform authentication checks to the rootdn when using the back-ndb backend. An attacker could exploit this to access the directory by sending an arbitrary password. Ubuntu does not ship OpenLDAP with back-ndb support by default. This issue did not affect Ubuntu 8.04 LTS. (CVE-2011-1025) It was discovered that OpenLDAP did not properly validate modrdn requests. An unauthenticated remote user could use this to cause a denial of service via application crash. (CVE-2011-1081). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	53257
published	2011-04-01
reporter	Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/53257
title	Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : openldap, openldap2.3 vulnerabilities (USN-1100-1)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2011-0346.NASL
description	Updated openldap packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. A flaw was found in the way OpenLDAP handled authentication failures being passed from an OpenLDAP slave to the master. If OpenLDAP was configured with a chain overlay and it forwarded authentication failures, OpenLDAP would bind to the directory as an anonymous user and return success, rather than return failure on the authenticated bind. This could allow a user on a system that uses LDAP for authentication to log into a directory-based account without knowing the password. (CVE-2011-1024) This update also fixes the following bug : * Previously, multiple concurrent connections to an OpenLDAP server could cause the slapd service to terminate unexpectedly with an assertion error. This update adds mutexes to protect multiple threads from accessing a structure with a connection, and the slapd service no longer crashes. (BZ#677611) Users of OpenLDAP should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, the OpenLDAP daemons will be restarted automatically.
last seen	2020-06-01
modified	2020-06-02
plugin id	52627
published	2011-03-11
reporter	This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/52627
title	RHEL 5 : openldap (RHSA-2011:0346)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_2_OPENLDAP2-110303.NASL
description	Master/slave configurations with enabled
last seen	2020-06-01
modified	2020-06-02
plugin id	53783
published	2011-05-05
reporter	This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/53783
title	openSUSE Security Update : openldap2 (openSUSE-SU-2011:0356-1)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2011-3612.NASL
description	Three security issues were fixed during the rebase! Changes not covered by bugs : - new: system resource limiting for slapd using ulimit - fix: possible NULL pointer dereference in NSS implementation OpenLDAP package was rebased to 2.4.24. Extension of API : - libldap adds: ldap_destroy ldap_dup ldap_sasl_interactive_bind - libldif adds: ldif_put_wrap ldif_sput_wrap Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	53516
published	2011-04-22
reporter	This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/53516
title	Fedora 15 : openldap-2.4.24-2.fc15 (2011-3612)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20110310_OPENLDAP_ON_SL6_X.NASL
description	A flaw was found in the way OpenLDAP handled authentication failures being passed from an OpenLDAP slave to the master. If OpenLDAP was configured with a chain overlay and it forwarded authentication failures, OpenLDAP would bind to the directory as an anonymous user and return success, rather than return failure on the authenticated bind. This could allow a user on a system that uses LDAP for authentication to log into a directory-based account without knowing the password. (CVE-2011-1024) It was found that the OpenLDAP back-ndb back end allowed successful authentication to the root distinguished name (DN) when any string was provided as a password. A remote user could use this flaw to access an OpenLDAP directory if they knew the value of the root DN. Note: This issue only affected OpenLDAP installations using the NDB back-end, which is only available for Scientific Linux 6 via third-party software. (CVE-2011-1025) A flaw was found in the way OpenLDAP handled modify relative distinguished name (modrdn) requests. A remote, unauthenticated user could use this flaw to crash an OpenLDAP server via a modrdn request containing an empty old RDN value. (CVE-2011-1081) After installing this update, the OpenLDAP daemons will be restarted automatically.
last seen	2020-06-01
modified	2020-06-02
plugin id	60988
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/60988
title	Scientific Linux Security Update : openldap on SL6.x i386/x86_64

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2011-0347.NASL
description	Updated openldap packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. A flaw was found in the way OpenLDAP handled authentication failures being passed from an OpenLDAP slave to the master. If OpenLDAP was configured with a chain overlay and it forwarded authentication failures, OpenLDAP would bind to the directory as an anonymous user and return success, rather than return failure on the authenticated bind. This could allow a user on a system that uses LDAP for authentication to log into a directory-based account without knowing the password. (CVE-2011-1024) It was found that the OpenLDAP back-ndb back end allowed successful authentication to the root distinguished name (DN) when any string was provided as a password. A remote user could use this flaw to access an OpenLDAP directory if they knew the value of the root DN. Note: This issue only affected OpenLDAP installations using the NDB back-end, which is only available for Red Hat Enterprise Linux 6 via third-party software. (CVE-2011-1025) A flaw was found in the way OpenLDAP handled modify relative distinguished name (modrdn) requests. A remote, unauthenticated user could use this flaw to crash an OpenLDAP server via a modrdn request containing an empty old RDN value. (CVE-2011-1081) Users of OpenLDAP should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, the OpenLDAP daemons will be restarted automatically.
last seen	2020-06-01
modified	2020-06-02
plugin id	52628
published	2011-03-11
reporter	This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/52628
title	RHEL 6 : openldap (RHSA-2011:0347)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_COMPAT-LIBLDAP-2_3-0-110303.NASL
description	The following security issues have been fixed : - Master/slave configurations with enabled
last seen	2020-06-01
modified	2020-06-02
plugin id	53484
published	2011-04-19
reporter	This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/53484
title	SuSE 11.1 Security Update : OpenLDAP (SAT Patch Number 4086)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2011-0346.NASL
description	From Red Hat Security Advisory 2011:0346 : Updated openldap packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. A flaw was found in the way OpenLDAP handled authentication failures being passed from an OpenLDAP slave to the master. If OpenLDAP was configured with a chain overlay and it forwarded authentication failures, OpenLDAP would bind to the directory as an anonymous user and return success, rather than return failure on the authenticated bind. This could allow a user on a system that uses LDAP for authentication to log into a directory-based account without knowing the password. (CVE-2011-1024) This update also fixes the following bug : * Previously, multiple concurrent connections to an OpenLDAP server could cause the slapd service to terminate unexpectedly with an assertion error. This update adds mutexes to protect multiple threads from accessing a structure with a connection, and the slapd service no longer crashes. (BZ#677611) Users of OpenLDAP should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, the OpenLDAP daemons will be restarted automatically.
last seen	2020-06-01
modified	2020-06-02
plugin id	68228
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/68228
title	Oracle Linux 5 : openldap (ELSA-2011-0346)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2011-0346.NASL
description	Updated openldap packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. A flaw was found in the way OpenLDAP handled authentication failures being passed from an OpenLDAP slave to the master. If OpenLDAP was configured with a chain overlay and it forwarded authentication failures, OpenLDAP would bind to the directory as an anonymous user and return success, rather than return failure on the authenticated bind. This could allow a user on a system that uses LDAP for authentication to log into a directory-based account without knowing the password. (CVE-2011-1024) This update also fixes the following bug : * Previously, multiple concurrent connections to an OpenLDAP server could cause the slapd service to terminate unexpectedly with an assertion error. This update adds mutexes to protect multiple threads from accessing a structure with a connection, and the slapd service no longer crashes. (BZ#677611) Users of OpenLDAP should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, the OpenLDAP daemons will be restarted automatically.
last seen	2020-06-01
modified	2020-06-02
plugin id	53428
published	2011-04-15
reporter	This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/53428
title	CentOS 5 : openldap (CESA-2011:0346)

Redhat

advisories

bugzilla

id	680975
title	CVE-2011-1081 openldap: DoS when submitting special MODRDN request

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND

comment openldap-servers-sql is earlier than 0:2.4.19-15.el6_0.2
oval oval:com.redhat.rhsa:tst:20110347001
comment openldap-servers-sql is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20151292004

AND

comment openldap-devel is earlier than 0:2.4.19-15.el6_0.2
oval oval:com.redhat.rhsa:tst:20110347003
comment openldap-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20151292002

AND

comment openldap-servers is earlier than 0:2.4.19-15.el6_0.2
oval oval:com.redhat.rhsa:tst:20110347005
comment openldap-servers is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20151292006

AND

comment openldap-clients is earlier than 0:2.4.19-15.el6_0.2
oval oval:com.redhat.rhsa:tst:20110347007
comment openldap-clients is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20151292010

AND
comment openldap is earlier than 0:2.4.19-15.el6_0.2
oval oval:com.redhat.rhsa:tst:20110347009
comment openldap is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20151292008

AND

comment compat-openldap is earlier than 0:2.4.19_2.3.43-15.el6_0.2
oval oval:com.redhat.rhsa:tst:20110347011
comment compat-openldap is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110347012

rhsa

id	RHSA-2011:0347
released	2011-03-10
severity	Moderate
title	RHSA-2011:0347: openldap security update (Moderate)

rpms

compat-openldap-0:2.4.19_2.3.43-15.el6_0.2
openldap-0:2.4.19-15.el6_0.2
openldap-clients-0:2.4.19-15.el6_0.2
openldap-debuginfo-0:2.4.19-15.el6_0.2
openldap-devel-0:2.4.19-15.el6_0.2
openldap-servers-0:2.4.19-15.el6_0.2
openldap-servers-sql-0:2.4.19-15.el6_0.2

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

Nessus

Redhat

References