CVE - CVE-2011-1024

CVE-ID
CVE-2011-1024	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1025188 URL:http://securitytracker.com/id?1025188 MISC:43331 URL:http://secunia.com/advisories/43331 MISC:43708 URL:http://secunia.com/advisories/43708 MISC:43718 URL:http://secunia.com/advisories/43718 MISC:ADV-2011-0665 URL:~~http://www.vupen.com/english/advisories/2011/0665~~ (Obsolete source) MISC:GLSA-201406-36 URL:http://security.gentoo.org/glsa/glsa-201406-36.xml MISC:MDVSA-2011:055 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2011:055~~ (Obsolete source) MISC:MDVSA-2011:056 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2011:056~~ (Obsolete source) MISC:RHSA-2011:0346 URL:http://www.redhat.com/support/errata/RHSA-2011-0346.html MISC:RHSA-2011:0347 URL:http://www.redhat.com/support/errata/RHSA-2011-0347.html MISC:USN-1100-1 URL:http://www.ubuntu.com/usn/USN-1100-1 MISC:[openldap-announce] 20110212 OpenLDAP 2.4.24 available URL:http://www.openldap.org/lists/openldap-announce/201102/msg00000.html MISC:[openldap-technical] 20100429 ppolicy master/slave issue URL:http://www.openldap.org/lists/openldap-technical/201004/msg00247.html MISC:[oss-security] 20110224 CVE Request -- OpenLDAP -- two issues URL:http://openwall.com/lists/oss-security/2011/02/24/12 MISC:[oss-security] 20110225 Re: CVE Request -- OpenLDAP -- two issues URL:http://openwall.com/lists/oss-security/2011/02/25/13 MISC:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 URL:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 MISC:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 URL:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 MISC:http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ldap/chain.c.diff?r1=1.76&r2=1.77&hideattic=1&sortbydate=0 URL:http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ldap/chain.c.diff?r1=1.76&r2=1.77&hideattic=1&sortbydate=0 MISC:http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6607 URL:http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6607 MISC:https://bugzilla.novell.com/show_bug.cgi?id=674985 URL:https://bugzilla.novell.com/show_bug.cgi?id=674985 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=680466 URL:https://bugzilla.redhat.com/show_bug.cgi?id=680466
Assigning CNA
Red Hat, Inc.
Date Record Created
20110214	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20110214)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.