CVE-2011-1024

chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server.
Severity
UNKNOWN
AV:N/AC:H/Au:S/C:P/I:P/A:P
Atk. Vector
NETWORK
Atk. Complexity
HIGH
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
VendorProductVersion
openldapopenldap
2.4.6
openldapopenldap
2.4.7
openldapopenldap
2.4.8
openldapopenldap
2.4.9
openldapopenldap
2.4.10
openldapopenldap
2.4.11
openldapopenldap
2.4.12
openldapopenldap
2.4.13
openldapopenldap
2.4.14
openldapopenldap
2.4.15
openldapopenldap
2.4.16
openldapopenldap
2.4.17
openldapopenldap
2.4.18
openldapopenldap
2.4.19
openldapopenldap
2.4.20
openldapopenldap
2.4.21
openldapopenldap
2.4.22
openldapopenldap
2.4.23
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openldap
bullseye (security)
2.4.57+dfsg-3+deb11u1
fixed
bullseye
2.4.57+dfsg-3+deb11u1
fixed
bookworm
2.5.13+dfsg-5
fixed
sid
2.5.18+dfsg-3
fixed
trixie
2.5.18+dfsg-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openldap
maverick
Fixed 2.4.23-0ubuntu3.5
released
lucid
Fixed 2.4.21-0ubuntu5.4
released
karmic
Fixed 2.4.18-0ubuntu1.2
released
hardy
dne
dapper
dne
openldap2.2
maverick
dne
lucid
dne
karmic
dne
hardy
dne
dapper
not-affected
openldap2.3
maverick
dne
lucid
dne
karmic
dne
hardy
Fixed 2.4.9-0ubuntu0.8.04.5
released
dapper
dne
Common Weakness Enumeration
References