CVSS2: 2.3 Low

Metric | Value |
---|---|
Attack Vector | ADJACENT_NETWORK |
Attack Complexity | MEDIUM |
Authentication | SINGLE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

Vector: AV:A/AC:M/Au:S/C:N/I:P/A:N

EPSS: 0.003 Low (Percentile: 70.2%)

CentOS Errata and Security Advisory CESA-2007:0310

OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools.

A flaw was found in the way OpenLDAP handled selfwrite access. Users with selfwrite access were able to modify the distinguished name of any user. (CVE-2006-4600)

All users are advised to upgrade to these updated openldap packages, which contain a backported patch to correct this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-May/075865.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075866.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075887.html

Affected packages:
compat-openldap
gdm
openldap
openldap-clients
openldap-devel
openldap-servers
openldap-servers-sql

Upstream details at:
https://access.redhat.com/errata/RHSA-2007:0310

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
CentOS | 4 | ia64 | gdm | < 2.6.0.5-7.rhel4.15 | gdm-2.6.0.5-7.rhel4.15.ia64.rpm |
CentOS | 4 | ia64 | compat-openldap | < 2.1.30-7.4E | compat-openldap-2.1.30-7.4E.ia64.rpm |
CentOS | 4 | ia64 | openldap | < 2.2.13-7.4E | openldap-2.2.13-7.4E.ia64.rpm |
CentOS | 4 | ia64 | openldap-clients | < 2.2.13-7.4E | openldap-clients-2.2.13-7.4E.ia64.rpm |
CentOS | 4 | ia64 | openldap-devel | < 2.2.13-7.4E | openldap-devel-2.2.13-7.4E.ia64.rpm |
CentOS | 4 | ia64 | openldap-servers | < 2.2.13-7.4E | openldap-servers-2.2.13-7.4E.ia64.rpm |
CentOS | 4 | ia64 | openldap-servers-sql | < 2.2.13-7.4E | openldap-servers-sql-2.2.13-7.4E.ia64.rpm |
CentOS | 4 | s390 | compat-openldap | < 2.1.30-7.4E | compat-openldap-2.1.30-7.4E.s390.rpm |
CentOS | 4 | s390 | openldap | < 2.2.13-7.4E | openldap-2.2.13-7.4E.s390.rpm |
CentOS | 4 | s390 | openldap-clients | < 2.2.13-7.4E | openldap-clients-2.2.13-7.4E.s390.rpm |