CVE-2011-1081

modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
VendorProductVersion
openldapopenldap
2.4.6
openldapopenldap
2.4.7
openldapopenldap
2.4.8
openldapopenldap
2.4.9
openldapopenldap
2.4.10
openldapopenldap
2.4.11
openldapopenldap
2.4.12
openldapopenldap
2.4.13
openldapopenldap
2.4.14
openldapopenldap
2.4.15
openldapopenldap
2.4.16
openldapopenldap
2.4.17
openldapopenldap
2.4.18
openldapopenldap
2.4.19
openldapopenldap
2.4.20
openldapopenldap
2.4.21
openldapopenldap
2.4.22
openldapopenldap
2.4.23
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openldap
bullseye (security)
2.4.57+dfsg-3+deb11u1
fixed
bullseye
2.4.57+dfsg-3+deb11u1
fixed
bookworm
2.5.13+dfsg-5
fixed
sid
2.5.18+dfsg-3
fixed
trixie
2.5.18+dfsg-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openldap
maverick
Fixed 2.4.23-0ubuntu3.5
released
lucid
Fixed 2.4.21-0ubuntu5.4
released
karmic
Fixed 2.4.18-0ubuntu1.2
released
hardy
dne
dapper
dne
openldap2.2
maverick
dne
lucid
dne
karmic
dne
hardy
dne
dapper
not-affected
openldap2.3
maverick
dne
lucid
dne
karmic
dne
hardy
Fixed 2.4.9-0ubuntu0.8.04.5
released
dapper
dne
Common Weakness Enumeration
References
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://openwall.com/lists/oss-security/2011/02/28/1
http://openwall.com/lists/oss-security/2011/02/28/2
http://openwall.com/lists/oss-security/2011/03/01/11
http://openwall.com/lists/oss-security/2011/03/01/15
http://secunia.com/advisories/43331
http://secunia.com/advisories/43718
http://security.gentoo.org/glsa/glsa-201406-36.xml
http://securitytracker.com/id?1025191
http://www.mandriva.com/security/advisories?name=MDVSA-2011:055
http://www.mandriva.com/security/advisories?name=MDVSA-2011:056
http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/modrdn.c.diff?r1=1.170.2.8&r2=1.170.2.9
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6768
http://www.openldap.org/lists/openldap-announce/201102/msg00000.html
http://www.redhat.com/support/errata/RHSA-2011-0347.html
http://www.ubuntu.com/usn/USN-1100-1
http://www.vupen.com/english/advisories/2011/0665
https://bugzilla.novell.com/show_bug.cgi?id=674985
https://bugzilla.redhat.com/show_bug.cgi?id=680975
https://exchange.xforce.ibmcloud.com/vulnerabilities/66239
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://openwall.com/lists/oss-security/2011/02/28/1
http://openwall.com/lists/oss-security/2011/02/28/2
http://openwall.com/lists/oss-security/2011/03/01/11
http://openwall.com/lists/oss-security/2011/03/01/15
http://secunia.com/advisories/43331
http://secunia.com/advisories/43718
http://security.gentoo.org/glsa/glsa-201406-36.xml
http://securitytracker.com/id?1025191
http://www.mandriva.com/security/advisories?name=MDVSA-2011:055
http://www.mandriva.com/security/advisories?name=MDVSA-2011:056
http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/modrdn.c.diff?r1=1.170.2.8&r2=1.170.2.9
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6768
http://www.openldap.org/lists/openldap-announce/201102/msg00000.html
http://www.redhat.com/support/errata/RHSA-2011-0347.html
http://www.ubuntu.com/usn/USN-1100-1
http://www.vupen.com/english/advisories/2011/0665
https://bugzilla.novell.com/show_bug.cgi?id=674985
https://bugzilla.redhat.com/show_bug.cgi?id=680975
https://exchange.xforce.ibmcloud.com/vulnerabilities/66239