High

CVE-2003-0174 - Unspecified vulnerability in SGI Irix

Publication: 2003-05-12
Summary

The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to log in without a password.

Risk level (CVSS 7.5)

High

7.5

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • SGI Irix 6.5
  • SGI Irix 6.5.19m
  • SGI Irix 6.5.2
  • SGI Irix 6.5.2f
  • SGI Irix 6.5.2m
  • SGI Irix 6.5.3
  • SGI Irix 6.5.3f
  • SGI Irix 6.5.3m
  • SGI Irix 6.5.4
  • SGI Irix 6.5.4f
  • SGI Irix 6.5.4m
  • SGI Irix 6.5.5
  • SGI Irix 6.5.5f
  • SGI Irix 6.5.5m
  • SGI Irix 6.5.6
  • SGI Irix 6.5.6f
  • SGI Irix 6.5.6m
  • SGI Irix 6.5.7
  • SGI Irix 6.5.7f
  • SGI Irix 6.5.7m
  • SGI Irix 6.5.8
  • SGI Irix 6.5.8f
  • SGI Irix 6.5.8m
  • SGI Irix 6.5.9
  • SGI Irix 6.5.9f
  • SGI Irix 6.5.9m
  • SGI Irix 6.5.10
  • SGI Irix 6.5.10f
  • SGI Irix 6.5.1
  • SGI Irix 6.5.11
  • SGI Irix 6.5.11f
  • SGI Irix 6.5.11m
  • SGI Irix 6.5.12
  • SGI Irix 6.5.12f
  • SGI Irix 6.5.12m
  • SGI Irix 6.5.13
  • SGI Irix 6.5.13f
  • SGI Irix 6.5.13m
  • SGI Irix 6.5.14
  • SGI Irix 6.5.14f
  • SGI Irix 6.5.14m
  • SGI Irix 6.5.15
  • SGI Irix 6.5.15f
  • SGI Irix 6.5.15m
  • SGI Irix 6.5.16
  • SGI Irix 6.5.16f
  • SGI Irix 6.5.16m
  • SGI Irix 6.5.17
  • SGI Irix 6.5.17f
  • SGI Irix 6.5.17m
  • SGI Irix 6.5.18
  • SGI Irix 6.5.18f
  • SGI Irix 6.5.18m
  • SGI Irix 6.5.19
  • SGI Irix 6.5.19f
  • SGI Irix 6.5.10m