FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-4600

This CVE name corresponds to:

Entered: 2006-10-05
Topic: openldap -- slapd acl selfwrite Security Issue

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2006-4600
Phase: Assigned (20060906)

Description

slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN).

References

Source Reference
BUGTRAQ 20060929 rPSA-2006-0176-1 openldap openldap-clients openldap-servers
FULLDISC 20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player
MLIST [openldap-announce] 20060801 OpenLDAP 2.3.25 available
MISC http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4587
CONFIRM http://www.openldap.org/software/release/changes.html
CONFIRM https://issues.rpath.com/browse/RPL-667
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-232.htm
GENTOO GLSA-200711-23
MANDRIVA MDKSA-2006:171
REDHAT RHSA-2007:0310
REDHAT RHSA-2007:0430
SGI 20070602-01-P
TRUSTIX 2006-0055
BID 19832
OVAL oval:org.mitre.oval:def:9618
VUPEN ADV-2007-2186
VUPEN ADV-2007-3229
SECTRACK 1016783
SECUNIA 21721
SECUNIA 22273
SECUNIA 22219
SECUNIA 25098
SECUNIA 25628
SECUNIA 25676
SECUNIA 22300
SECUNIA 25894
SECUNIA 26909
SECUNIA 27706
XF openldap-selfwrite-security-bypass(28772)