Vulnerabilities > CVE-2002-0045
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
slapd in OpenLDAP 2.0 through 2.0.19 allows local users, and anonymous users before 2.0.8, to conduct a "replace" action on access controls without any values, which causes OpenLDAP to delete non-mandatory attributes that would otherwise be protected by ACLs.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 | |
| OS | 3 |
Nessus
| NASL family | Mandriva Local Security Checks |
| NASL id | MANDRAKE_MDKSA-2002-013.NASL |
| description | A problem exists in all versions of OpenLDAP from 2.0.0 through 2.0.19 where permissions are not properly checked using access control lists when a user tries to remove an attribute from an object in the directory by replacing it |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 13921 |
| published | 2004-07-31 |
| reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/13921 |
| title | Mandrake Linux Security Advisory : openldap (MDKSA-2002:013) |
Redhat
| advisories |
|
References
- ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-001.0.txt
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000459
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:013
- http://www.openldap.org/lists/openldap-announce/200201/msg00002.html
- http://www.osvdb.org/5395
- http://www.redhat.com/support/errata/RHSA-2002-014.html
- http://www.securityfocus.com/bid/3945
- http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0201-020
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7978