Lucene search

Gentoo FoundationGLSA-200701-19

HistoryJan 23, 2007 - 12:00 a.m.

OpenLDAP: Insecure usage of /tmp during installation

2007-01-2300:00:00

Gentoo Foundation

security.gentoo.org

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS

Percentile

5.1%

JSON

Background

OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol.

Description

Tavis Ormandy of the Gentoo Linux Security Team has discovered that the file gencert.sh distributed with the Gentoo ebuild for OpenLDAP does not exit upon the existence of a directory in /tmp during installation allowing for directory traversal.

Impact

A local attacker could create a symbolic link in /tmp and potentially overwrite arbitrary system files upon a privileged user emerging OpenLDAP.

Workaround

There is no known workaround at this time.

Resolution

All OpenLDAP users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "net-nds/openldap"

OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-nds/openldap< 2.1.30-r10UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	net-nds/openldap	< 2.1.30-r10	UNKNOWN

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS

Percentile

5.1%

JSON

Related for GLSA-200701-19