CVE-2006-7191

2007-04-0300:19:00

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.001

Percentile

26.3%

JSON

Untrusted search path vulnerability in lamdaemon.pl in LDAP Account Manager (LAM) before 1.0.0 allows local users to gain privileges via a modified PATH that points to a malicious rm program.

OSVersionArchitecturePackageVersionFilename
Debian12allldap-account-manager< 1.0.0-1ldap-account-manager_1.0.0-1_all.deb
Debian11allldap-account-manager< 1.0.0-1ldap-account-manager_1.0.0-1_all.deb
Debian999allldap-account-manager< 1.0.0-1ldap-account-manager_1.0.0-1_all.deb
Debian13allldap-account-manager< 1.0.0-1ldap-account-manager_1.0.0-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	ldap-account-manager	< 1.0.0-1	ldap-account-manager_1.0.0-1_all.deb
Debian	11	all	ldap-account-manager	< 1.0.0-1	ldap-account-manager_1.0.0-1_all.deb
Debian	999	all	ldap-account-manager	< 1.0.0-1	ldap-account-manager_1.0.0-1_all.deb
Debian	13	all	ldap-account-manager	< 1.0.0-1	ldap-account-manager_1.0.0-1_all.deb