CVE-2011-1081

Openldap - Resource Management Error

Title source: rule

Description

modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Serge Dubrouski · textdoslinux

https://www.exploit-db.com/exploits/35445

View Code ZIP pw:eip

References (20)

Core 20

Core References

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-201406-36.xml

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/66239

Mailing List mailing-list x_refsource_mlist

http://openwall.com/lists/oss-security/2011/03/01/15

Mailing List mailing-list x_refsource_mlist

http://openwall.com/lists/oss-security/2011/03/01/11

Various Sources x_refsource_confirm

http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6768

Patch mailing-list x_refsource_mlist

http://www.openldap.org/lists/openldap-announce/201102/msg00000.html

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2011:056

Issue Tracking x_refsource_confirm

https://bugzilla.novell.com/show_bug.cgi?id=674985

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2011-0347.html

Mailing List mailing-list x_refsource_mlist

http://openwall.com/lists/oss-security/2011/02/28/1

Vendor Advisory x_refsource_confirm

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2011:055

Patch mailing-list x_refsource_mlist

http://openwall.com/lists/oss-security/2011/02/28/2

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/43718

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1100-1

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1025191

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2011/0665

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/43331

Exploit, Patch x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=680975

Patch x_refsource_confirm

http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/modrdn.c.diff?r1=1.170.2.8&r2=1.170.2.9

Scores

EPSS 0.0271

EPSS Percentile 86.1%

Details

CWE

CWE-399

Status published

Products (18)

openldap/openldap 2.4.6

openldap/openldap 2.4.7

openldap/openldap 2.4.8

openldap/openldap 2.4.9

openldap/openldap 2.4.10

openldap/openldap 2.4.11

openldap/openldap 2.4.12

openldap/openldap 2.4.13

openldap/openldap 2.4.14

openldap/openldap 2.4.15

... and 8 more

Published Mar 20, 2011

Tracked Since Feb 18, 2026