6.8
CVE-2011-1025
- EPSS 4.45%
- Veröffentlicht 20.03.2011 02:00:03
- Zuletzt bearbeitet 16.06.2026 23:28:34
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.45% | 0.902 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://security.gentoo.org/glsa/glsa-201406-36.xml
http://openwall.com/lists/oss-security/2011/02/24/12
http://openwall.com/lists/oss-security/2011/02/25/13
http://secunia.com/advisories/43331
http://secunia.com/advisories/43718
http://www.mandriva.com/security/advisories?name=MDVSA-2011:056
http://www.openldap.org/lists/openldap-announce/201102/msg00000.html
http://www.redhat.com/support/errata/RHSA-2011-0347.html
http://www.ubuntu.com/usn/USN-1100-1
http://www.vupen.com/english/advisories/2011/0665
http://securitytracker.com/id?1025190
http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ndb/bind.cpp.diff?r1=1.5&r2=1.8
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6661
https://bugzilla.redhat.com/show_bug.cgi?id=680472