CVE-2011-1081

OpenLDAP 2.4.x < 2.4.24 - Denial of Service via Empty OldDN in MODRDN Operation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-1081. PoCs published by Serge Dubrouski.

AI-analyzed exploit summary This exploit leverages a vulnerability in OpenLDAP's modrdn command to trigger a denial-of-service by crashing the slapd server. The provided command sends a malformed request with an empty relative distinguished name (RDN).

Description

modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Serge Dubrouski · textdoslinux
https://www.exploit-db.com/exploits/35445

This exploit leverages a vulnerability in OpenLDAP's modrdn command to trigger a denial-of-service by crashing the slapd server. The provided command sends a malformed request with an empty relative distinguished name (RDN).

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: OpenLDAP slapd (versions affected by CVE-2011-1081)
No auth needed
Prerequisites: Network access to the target LDAP server
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (20)

Core 20
Core References
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201406-36.xml
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/66239
Mailing List mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/01/15
Mailing List mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/01/11
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:056
Issue Tracking x_refsource_confirm
https://bugzilla.novell.com/show_bug.cgi?id=674985
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0347.html
Mailing List mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2011/02/28/1
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:055
Patch mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2011/02/28/2
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43718
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1100-1
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1025191
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0665
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43331
Exploit, Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=680975

Scores

EPSS 0.1352
EPSS Percentile 96.0%

Details

CWE
CWE-399
Status published
Products (18)
openldap/openldap 2.4.6
openldap/openldap 2.4.7
openldap/openldap 2.4.8
openldap/openldap 2.4.9
openldap/openldap 2.4.10
openldap/openldap 2.4.11
openldap/openldap 2.4.12
openldap/openldap 2.4.13
openldap/openldap 2.4.14
openldap/openldap 2.4.15
... and 8 more
Published Mar 20, 2011
Tracked Since Feb 18, 2026