DEBIAN-CVE-2011-1025

DEBIAN-CVE-2011-1025 PUBLISHED

bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password.

Affected Products

Vendor	Product	Versions
Debian:14	openldap	0, 0, 0
Debian:12	openldap	0, 0, 0
Debian:11	openldap	0, 0, 0
Debian:13	openldap	0, 0, 0

Timeline

Mar 20, 2011 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2011-1025 advisory

Open in Interactive Console →