Vulnerabilities > CVE-2002-0045

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
openldap
redhat
nessus

Summary

slapd in OpenLDAP 2.0 through 2.0.19 allows local users, and anonymous users before 2.0.8, to conduct a "replace" action on access controls without any values, which causes OpenLDAP to delete non-mandatory attributes that would otherwise be protected by ACLs.

Vulnerable Configurations

Part Description Count
Application
Openldap
2
OS
Redhat
3

Nessus

NASL familyMandriva Local Security Checks
NASL idMANDRAKE_MDKSA-2002-013.NASL
descriptionA problem exists in all versions of OpenLDAP from 2.0.0 through 2.0.19 where permissions are not properly checked using access control lists when a user tries to remove an attribute from an object in the directory by replacing it
last seen2020-06-01
modified2020-06-02
plugin id13921
published2004-07-31
reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/13921
titleMandrake Linux Security Advisory : openldap (MDKSA-2002:013)

Redhat

advisories
rhsa
idRHSA-2002:014