CERTA-2003-AVI-004
Vulnerability from certfr_avis


Description

OpenLDAP is an implementation of LDAP (Lightweight Directory Access Protocol).

Several vulnerabilities in the OpenLDAP package allow a malicious user to remotely execute arbitrary code on a machine hosting a vulnerable LDAP server.

In addition, the OpenLDAP2 library contains other vulnerabilities that can be exploited locally.

Solution

Refer to the security bulletins of the various vendors for the availability of patches (see the Documentation section).

OpenLDAP version 2.0.25 and earlier.



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eOpenLDAP version 2.0.25 et ant\u00e9rieures.\u003c/p\u003e",
  "content": "## Description\n\nOpenLDAP est une impl\u00e9mentation de LDAP (Lightweight Directory Access\nProtocol).\n\nPlusieurs vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans le paquetage OpenLDAP permettent\n\u00e0 un utilisateur mal intentionn\u00e9 d\u0027ex\u00e9cuter du code arbitraire \u00e0\ndistance sur une machine h\u00e9bergeant un serveur LDAP vuln\u00e9rable.\n\nDe plus, la biblioth\u00e8que OpenLDAP2 contient d\u0027autres vuln\u00e9rabilit\u00e9s\nexploitables en local.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 des diff\u00e9rents \u00e9diteurs pour\nconna\u00eetre la disponibilit\u00e9 des correctifs (cf. section Documentation).\n",
  "cves": [],
  "initial_release_date": "2003-01-16T00:00:00",
  "last_revision_date": "2003-02-07T00:00:00",
  "links": [
    {
      "title": "Site de OpenLDAP :",
      "url": "http://www.openldap.org"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RHSA-2003:040 de Red Hat :",
      "url": "http://rhn.redhat.com/errata/RHSA-2003-040.html"
    }
  ],
  "reference": "CERTA-2003-AVI-004",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2003-01-16T00:00:00.000000"
    },
    {
      "description": "Ajout r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 RHSA-2003:040 de Red Hat.",
      "revision_date": "2003-02-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9 dans OpenLDAP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 MDKSA-2003:006 de Mandrake",
      "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:006"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SuSE-SA:2002:047 de SuSE",
      "url": "http://www.suse.com/de/security/2002_047_openldap2.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 DSA-227 de Debian",
      "url": "http://www.debian.org/security/2003/dsa-227"
    }
  ]
}

