[email protected]CVE-2000-0336

HistoryApr 21, 2000 - 4:00 a.m.

CVE-2000-0336

2000-04-2104:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

linux

openldap server

local user

file modification

symlink attack

cve-2000-0336

6.5 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

0.4%

JSON

Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack.

CPENameOperatorVersion
openldap:openldapopenldapeq1.2.7
openldap:openldapopenldapeq1.2.10
openldap:openldapopenldapeq1.2.8
openldap:openldapopenldapeq1.2.9
redhat:linuxredhat linuxeq6.1
redhat:linuxredhat linuxeq6.2
mandrakesoft:mandrake_linuxmandrakesoft mandrake linuxeq7.0
turbolinux:turbolinuxturbolinuxeq4.4
turbolinux:turbolinuxturbolinuxeq4.2
turbolinux:turbolinuxturbolinuxeq6.0.2

CPE	Name	Operator	Version
openldap:openldap	openldap	eq	1.2.7
openldap:openldap	openldap	eq	1.2.10
openldap:openldap	openldap	eq	1.2.8
openldap:openldap	openldap	eq	1.2.9
redhat:linux	redhat linux	eq	6.1
redhat:linux	redhat linux	eq	6.2
mandrakesoft:mandrake_linux	mandrakesoft mandrake linux	eq	7.0
turbolinux:turbolinux	turbolinux	eq	4.4
turbolinux:turbolinux	turbolinux	eq	4.2
turbolinux:turbolinux	turbolinux	eq	6.0.2

Rows per page:

1-10 of 111

References

ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-009.0.txt

www.redhat.com/support/errata/RHSA-2000-012.html

www.securityfocus.com/bid/1232

www.turbolinux.com/pipermail/tl-security-announce/2000-May/000009.html

6.5 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2000-0336

nessus1