CVE-2011-1561

Current Description

The LDAP login feature in bos.rte.security 6.1.6.4 in IBM AIX 6.1, when ldap_auth is enabled in ldap.cfg, allows remote attackers to bypass authentication via a login attempt with an arbitrary password.

Basic Data

Published: April 05, 2011
Last Modified: April 05, 2011
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-287
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 6.8
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | 2.3 | OS | IBM | AIX | 6.1 | * | * | * | * | * | * | * | | | | |

Vulnerable Software List

| Vendor | Product | Versions |
| IBM | AIX | 6.1 |

References

| Name | URL | Source | Tags |
| http://aix.software.ibm.com/aix/efixes/security/ldapauth_advisory.asc | http://aix.software.ibm.com/aix/efixes/security/ldapauth_advisory.asc | CONFIRM | |
| 43968 | http://secunia.com/advisories/43968 | SECUNIA | Vendor Advisory |
| 1025273 | http://securitytracker.com/id?1025273 | SECTRACK | |
| ADV-2011-0836 | http://www.vupen.com/english/advisories/2011/0836 | VUPEN | Vendor Advisory |
| IZ97416 | http://www-01.ibm.com/support/docview.wss?uid=isg1IZ97416 | AIXAPAR | |