4.6

CVE-2011-1024

chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenldapOpenldap Version2.4.6
OpenldapOpenldap Version2.4.7
OpenldapOpenldap Version2.4.8
OpenldapOpenldap Version2.4.9
OpenldapOpenldap Version2.4.10
OpenldapOpenldap Version2.4.11
OpenldapOpenldap Version2.4.12
OpenldapOpenldap Version2.4.13
OpenldapOpenldap Version2.4.14
OpenldapOpenldap Version2.4.15
OpenldapOpenldap Version2.4.16
OpenldapOpenldap Version2.4.17
OpenldapOpenldap Version2.4.18
OpenldapOpenldap Version2.4.19
OpenldapOpenldap Version2.4.20
OpenldapOpenldap Version2.4.21
OpenldapOpenldap Version2.4.22
OpenldapOpenldap Version2.4.23
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.96% 0.854
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.6 3.9 6.4
AV:N/AC:H/Au:S/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
http://security.gentoo.org/glsa/glsa-201406-36.xml
http://openwall.com/lists/oss-security/2011/02/24/12
http://openwall.com/lists/oss-security/2011/02/25/13
http://secunia.com/advisories/43331
Vendor Advisory
http://secunia.com/advisories/43708
http://secunia.com/advisories/43718
http://securitytracker.com/id?1025188
http://www.mandriva.com/security/advisories?name=MDVSA-2011:055
http://www.mandriva.com/security/advisories?name=MDVSA-2011:056
http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ldap/chain.c.diff?r1=1.76&r2=1.77&hideattic=1&sortbydate=0
Patch
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6607
http://www.openldap.org/lists/openldap-announce/201102/msg00000.html
Patch
http://www.openldap.org/lists/openldap-technical/201004/msg00247.html
http://www.redhat.com/support/errata/RHSA-2011-0346.html
http://www.redhat.com/support/errata/RHSA-2011-0347.html
http://www.ubuntu.com/usn/USN-1100-1
http://www.vupen.com/english/advisories/2011/0665
Vendor Advisory
https://bugzilla.novell.com/show_bug.cgi?id=674985
https://bugzilla.redhat.com/show_bug.cgi?id=680466