PT-2011-1102 · Openldap+1 · Openldap-Clients+8
Published 2011-03-10 · Updated 2017-01-07 · CVE-2011-1024

| CVSS v2.0 | 4.6 (Medium) |
| Vector | AV:N/AC:H/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
OpenLDAP versions prior to 2.4.24
OpenLDAP versions 2.3.43
OpenLDAP versions 2.4.19
OpenLDAP-servers versions 2.3.43
OpenLDAP-servers versions 2.4.19
OpenLDAP-clients versions 2.3.43
OpenLDAP-clients versions 2.4.19
OpenLDAP-devel versions 2.3.43
OpenLDAP-devel versions 2.4.19
OpenLDAP-debuginfo versions 2.4.19
OpenLDAP-servers-sql versions 2.3.43
OpenLDAP-servers-sql versions 2.4.19
OpenLDAP-servers-overlays versions 2.3.43
compat-openldap versions 2.3.43 2.2.29
compat-openldap versions 2.3.43 2.3.43
Description
The issue affects the confidentiality, integrity, and availability of protected information. It can be exploited remotely by an attacker who has already authenticated. The vulnerability is related to the chain overlay and ppolicy forward updates in master-slave configurations, allowing remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server.
Recommendations
For OpenLDAP versions prior to 2.4.24, update to version 2.4.24 or later.
For OpenLDAP versions 2.3.43, update to a newer version.
For OpenLDAP versions 2.4.19, update to version 2.4.24 or later.
For OpenLDAP-servers versions 2.3.43, update to a newer version.
For OpenLDAP-servers versions 2.4.19, update to version 2.4.24 or later.
For OpenLDAP-clients versions 2.3.43, update to a newer version.
For OpenLDAP-clients versions 2.4.19, update to version 2.4.24 or later.
For OpenLDAP-devel versions 2.3.43, update to a newer version.
For OpenLDAP-devel versions 2.4.19, update to version 2.4.24 or later.
For OpenLDAP-debuginfo versions 2.4.19, update to version 2.4.24 or later.
For OpenLDAP-servers-sql versions 2.3.43, update to a newer version.
For OpenLDAP-servers-sql versions 2.4.19, update to version 2.4.24 or later.
For OpenLDAP-servers-overlays versions 2.3.43, update to a newer version.
For compat-openldap versions 2.3.43 2.2.29, update to a newer version.
For compat-openldap versions 2.3.43 2.3.43, update to a newer version.
As a temporary workaround, consider disabling the chain overlay and ppolicy forward updates until a patch is available. Restrict access to the vulnerable modules to minimize the risk of exploitation. Avoid using the password variable in the affected API endpoints until the issue is resolved.
Fix
Improper Certificate Validation
Affected Products
Openldap
Openldap-Clients
Openldap-Debuginfo
Openldap-Devel
Openldap-Servers
Openldap-Servers-Overlays
Openldap-Servers-Sql
Red Hat
Compat-Openldap