Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0045

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-0045
Last Modified 10 Sep 2008 03:11:09
Published 31 Jan 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0045

Summary

slapd in OpenLDAP 2.0 through 2.0.19 allows local users, and anonymous users before 2.0.8, to conduct a "replace" action on access controls without any values, which causes OpenLDAP to delete non-mandatory attributes that would otherwise be protected by ACLs.

Vulnerable Systems

Operating System

  • Redhat Linux 7.0

  • Redhat Linux 7.1

  • Redhat Linux 7.2

Application

  • Openldap 2.0

  • Openldap 2.0.19


References

XF - openldap-slapd-delete-attributes(7978)

HP - HPSBTL0201-020

BID - 3945

REDHAT - RHSA-2002:014

OSVDB - 5395

CONFIRM - http://www.openldap.org/lists/openldap-announce/200201/msg00002.html

MANDRAKE - MDKSA-2002:013

CONECTIVA - CLA-2002:459

CALDERA - CSSA-2002-001.0


Last Updated: 27 May 2016 10:36:45