From bb77e0fa478a5adb489054bd86f94ee1388a6bf8 Mon Sep 17 00:00:00 2001 From: sat Date: Thu, 5 Oct 2006 14:31:50 +0000 Subject: - Document slapd acl selfwrite Security Issue in openldap --- security/vuxml/vuln.xml | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 8dae593..a6717ba 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,41 @@ Note: Please add new entries to the beginning of this file. --> + + openldap -- slapd acl selfwrite Security Issue + + + openldap-server + openldap-sasl-server + 2.3.25 + + + + +

Howard Chu reports:

+
An ACL of the form 'access to dn.subtree="ou=groups, + dc=example,dc=com" attr=member by * selfwrite' is intended + to only allow users to add/delete their own DN to the + target attribute. Currently it allows any DNs to be + modified.
+

+ + + + 19832 + CVE-2006-4600 + http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4587 + http://www.openldap.org/lists/openldap-announce/200608/msg00000.html + http://secunia.com/advisories/21721 + http://securitytracker.com/alerts/2006/Sep/1016783.html + + + 2006-06-14 + 2006-10-05 + + + mono -- "System.CodeDom.Compiler" Insecure Temporary Creation -- cgit v1.1