CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
84.1%
A vulnerability in the secldapclntd
daemon in IBM’s AIX operating system could allow unauthorized remote users to modify accounts on the system.
According to the IBM bulletin for this issue:
“The secldapclntd daemon accepts requests from the LDAP load module, forwards requests to the LDAP server, and passes results from the server back to the LDAP loadmodule. The secldapclntd daemon uses an internet socket to communicate with the loadmodule. A remote user can craft a message to communicate with the daemon and gain unauthorized access to data or could potentially modify user accounts on the LDAP server.”
This exposes a vulnerability in environments that use an LDAP (Lightweight Directory Access Protocol) database for user authentication.
A remote attacker can gain unauthorized access to data or modify user accounts on the system. It is unclear whether this vulnerability can be leveraged to gain root or other system-level access to the affected systems.
Apply a patch from the vendor
IBM has released patches to address this vulnerability; please see the vendor section of this document for further details.
624713
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: March 10, 2003 Updated: March 24, 2003
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
IBM has released MSS-OAR-E01-2003:0245.1 in response to this issue. Users are encouraged to review the bulletin and apply the patches it refers to.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23624713 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This issue was discovered by Tom Lu of IBM’s AIX Security Team.
This document was written by Chad R Dougherty.
CVE IDs: | CVE-2003-0119 |
---|---|
Severity Metric: | 15.82 Date Public: |