MDVSA-2011:056 -- Mandriva openldapID: oval:org.secpod.oval:def:300428 | Date: (C)2012-01-07 (M)2021-06-02 |
Class: PATCH | Family: unix |
Multiple vulnerabilities has been identified and fixed in openldap: chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server . bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name , which allows remote attackers to bypass intended access restrictions via an arbitrary password . modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service via a relative Distinguished Name modification request that contains an empty value for the OldDN field . The updated packages have been patched to correct these issues.
Platform: |
Mandriva Linux 2010.0 |
Mandriva Linux 2010.1 |