Summary
Ubuntu Update for Linux kernel vulnerabilities USN-1100-1
Solution
Please install the updated packages.
Insight
It was discovered that OpenLDAP did not properly check forwarded authentication failures when using a slave server and chain overlay. If OpenLDAP were configured in this manner, an attacker could bypass authentication checks by sending an invalid password to a slave server. (CVE-2011-1024)
It was discovered that OpenLDAP did not properly perform authentication checks to the rootdn when using the back-ndb backend. An attacker could exploit this to access the directory by sending an arbitrary password.
Ubuntu does not ship OpenLDAP with back-ndb support by default. This issue did not affect Ubuntu 8.04 LTS. (CVE-2011-1025)
It was discovered that OpenLDAP did not properly validate modrdn requests. An unauthenticated remote user could use this to cause a denial of service via application crash. (CVE-2011-1081)
Affected
openldap, openldap2.3 vulnerabilities on Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu 10.10
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2011-1024, CVE-2011-1025, CVE-2011-1081
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P