ID CVE-2011-1081
Summary modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field.
References
Vulnerable Configurations
  • cpe:2.3:a:openldap:openldap:2.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.9:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.10:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.11:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.12:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.13:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.14:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.15:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.16:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.17:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.18:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.19:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.20:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.21:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.22:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.4.23:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 17-08-2017 - 01:33)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 680975
title CVE-2011-1081 openldap: DoS when submitting special MODRDN request
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 6 is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • OR
      • AND
        • comment compat-openldap is earlier than 0:2.4.19_2.3.43-15.el6_0.2
          oval oval:com.redhat.rhsa:tst:20110347001
        • comment compat-openldap is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110347002
      • AND
        • comment openldap is earlier than 0:2.4.19-15.el6_0.2
          oval oval:com.redhat.rhsa:tst:20110347003
        • comment openldap is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20151292002
      • AND
        • comment openldap-clients is earlier than 0:2.4.19-15.el6_0.2
          oval oval:com.redhat.rhsa:tst:20110347005
        • comment openldap-clients is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20151292004
      • AND
        • comment openldap-devel is earlier than 0:2.4.19-15.el6_0.2
          oval oval:com.redhat.rhsa:tst:20110347007
        • comment openldap-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20151292006
      • AND
        • comment openldap-servers is earlier than 0:2.4.19-15.el6_0.2
          oval oval:com.redhat.rhsa:tst:20110347009
        • comment openldap-servers is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20151292008
      • AND
        • comment openldap-servers-sql is earlier than 0:2.4.19-15.el6_0.2
          oval oval:com.redhat.rhsa:tst:20110347011
        • comment openldap-servers-sql is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20151292010
rhsa
id RHSA-2011:0347
released 2011-03-10
severity Moderate
title RHSA-2011:0347: openldap security update (Moderate)
rpms
  • compat-openldap-0:2.4.19_2.3.43-15.el6_0.2
  • openldap-0:2.4.19-15.el6_0.2
  • openldap-clients-0:2.4.19-15.el6_0.2
  • openldap-debuginfo-0:2.4.19-15.el6_0.2
  • openldap-devel-0:2.4.19-15.el6_0.2
  • openldap-servers-0:2.4.19-15.el6_0.2
  • openldap-servers-sql-0:2.4.19-15.el6_0.2
refmap via4
confirm
gentoo GLSA-201406-36
mandriva
  • MDVSA-2011:055
  • MDVSA-2011:056
mlist
  • [openldap-announce] 20110212 OpenLDAP 2.4.24 available
  • [oss-security] 20110228 Re: CVE Request -- OpenLDAP -- two issues
  • [oss-security] 20110301 Re: CVE Request -- OpenLDAP -- two issues
sectrack 1025191
secunia
  • 43331
  • 43718
ubuntu USN-1100-1
vupen ADV-2011-0665
xf openldap-modrdnc-dos(66239)
Last major update 17-08-2017 - 01:33
Published 20-03-2011 - 02:00
Last modified 17-08-2017 - 01:33