Computer Security


OpenLDAP vulnerabilities
Published: 31.03.2011
Source:
SecurityVulns ID: 11547
Type: remote
Threat Level: 5/10
Description: Authentication bypass, DoS.
Affected: OPENLDAP : OpenLDAP 2.4
CVE: CVE-2011-1081 (modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field.)
     CVE-2011-1024 (chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server.)
Original document: MANDRIVA, [ MDVSA-2011:055 ] openldap (31.03.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod