openldap2 security update
Master/slave configurations with the "ppolicy_forward_updates" option
enabled potentially allowed users to log in with an invalid password
(CVE-2011-1024).
Unauthenticated users could crash the LDAP server (CVE-2011-1081).
- Submitted by Adrian Schröter (adrianSuSE)
- Version 4093
Fixed bugs
bnc#674985
VUL-0: openldap2: two security issues
bnc#648479
Solaris/Outlook have problems with OpenLDAPs sssvlv overlay
CVE#CVE-2011-1024
chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authenti
CVE#CVE-2011-1081
modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field.