Published: 21/04/2000 Updated: 10/09/2008

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 215

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openldap openldap 1.2.8
openldap openldap 1.2.9
openldap openldap 1.2.7
openldap openldap 1.2.10
mandrakesoft mandrake linux 6.1
mandrakesoft mandrake linux 7.0
redhat linux 6.1
redhat linux 6.2
turbolinux turbolinux 6.0.2
turbolinux turbolinux 4.2
turbolinux turbolinux 4.4

source: wwwsecurityfocuscom/bid/1232/info A vulnerability exists in OpenLDAP as shipped with some versions of Linux, including RedHat 61 and 62, and TurboLinux 602 and earlier OpenLDAP will create files in /usr/tmp, which is actually a symbolic link to the world writable /tmp directory As OpenLDAP does not check for a files existenc ...

NVD-CWE-Other ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-009.0.txt http://www.redhat.com/support/errata/RHSA-2000-012.html http://www.turbolinux.com/pipermail/tl-security-announce/2000-May/000009.html http://www.securityfocus.com/bid/1232 https://nvd.nist.gov https://www.exploit-db.com/exploits/19946/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2000-0336

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect