CVE-2011-1081

Severity

50%

Complexity

99%

Confidentiality

48%

modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

Type

OpenLDAP

First reported 13 years ago

2011-03-20 02:00:00

Last updated 7 years ago

2017-08-17 01:33:00

Affected Software

OpenLDAP 2.4.6

2.4.6

OpenLDAP 2.4.7

2.4.7

OpenLDAP 2.4.8

2.4.8

OpenLDAP 2.4.9

2.4.9

OpenLDAP 2.4.10

2.4.10

OpenLDAP 2.4.11

2.4.11

OpenLDAP 2.4.12

2.4.12

OpenLDAP 2.4.13

2.4.13

OpenLDAP 2.4.14

2.4.14

OpenLDAP 2.4.15

2.4.15

OpenLDAP 2.4.16

2.4.16

OpenLDAP 2.4.17

2.4.17

OpenLDAP 2.4.18

2.4.18

OpenLDAP 2.4.19

2.4.19

OpenLDAP 2.4.20

2.4.20

OpenLDAP 2.4.21

2.4.21

OpenLDAP 2.4.22

2.4.22

OpenLDAP 2.4.23

2.4.23

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

[oss-security] 20110228 Re: CVE Request -- OpenLDAP -- two issues

Patch

[oss-security] 20110301 Re: CVE Request -- OpenLDAP -- two issues

43331

Vendor Advisory

43718

GLSA-201406-36

1025191

MDVSA-2011:055

MDVSA-2011:056

http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/modrdn.c.diff?r1=1.170.2.8&r2=1.170.2.9

Patch

http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6768

[openldap-announce] 20110212 OpenLDAP 2.4.24 available

Patch

RHSA-2011:0347

USN-1100-1

ADV-2011-0665

Vendor Advisory

https://bugzilla.novell.com/show_bug.cgi?id=674985

https://bugzilla.redhat.com/show_bug.cgi?id=680975

Exploit, Patch

openldap-modrdnc-dos(66239)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.

CVE-2011-1081

Severity

What is severity?

Complexity

What is complexity?

Confidentiality

What is confidentiality?

Overview

Type

First reported 13 years ago

Last updated 7 years ago

Affected Software

OpenLDAP 2.4.6

OpenLDAP 2.4.7

OpenLDAP 2.4.8

OpenLDAP 2.4.9

OpenLDAP 2.4.10

OpenLDAP 2.4.11

OpenLDAP 2.4.12

OpenLDAP 2.4.13

OpenLDAP 2.4.14

OpenLDAP 2.4.15

OpenLDAP 2.4.16

OpenLDAP 2.4.17

OpenLDAP 2.4.18

OpenLDAP 2.4.19

OpenLDAP 2.4.20

OpenLDAP 2.4.21

OpenLDAP 2.4.22

OpenLDAP 2.4.23

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

[oss-security] 20110228 Re: CVE Request -- OpenLDAP -- two issues

[oss-security] 20110228 Re: CVE Request -- OpenLDAP -- two issues

[oss-security] 20110301 Re: CVE Request -- OpenLDAP -- two issues

[oss-security] 20110301 Re: CVE Request -- OpenLDAP -- two issues

43331

43718

GLSA-201406-36

1025191

MDVSA-2011:055

MDVSA-2011:056

http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/modrdn.c.diff?r1=1.170.2.8&r2=1.170.2.9

http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6768

[openldap-announce] 20110212 OpenLDAP 2.4.24 available

RHSA-2011:0347

USN-1100-1

ADV-2011-0665

https://bugzilla.novell.com/show_bug.cgi?id=674985

https://bugzilla.redhat.com/show_bug.cgi?id=680975

openldap-modrdnc-dos(66239)

Stay updated

Get in touch