CVE-2014-9713

2015-04-0100:00:00

ubuntu.com

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

54.4%

JSON

The default slapd configuration in the Debian openldap package 2.4.23-3
through 2.4.39-1.1 allows remote authenticated users to modify the user’s
permissions and other user attributes via unspecified vectors.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761406>

Notes

Author	Note
mdeslaur	debian/ubuntu specific issue can’t automatically fix this for existing installations.

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchopenldap< 2.4.28-1.1ubuntu4.6UNKNOWN
ubuntu14.04noarchopenldap< 2.4.31-1+nmu2ubuntu8.2UNKNOWN
ubuntu15.04noarchopenldap< 2.4.31-1+nmu2ubuntu12.3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	12.04	noarch	openldap	< 2.4.28-1.1ubuntu4.6	UNKNOWN
ubuntu	14.04	noarch	openldap	< 2.4.31-1+nmu2ubuntu8.2	UNKNOWN
ubuntu	15.04	noarch	openldap	< 2.4.31-1+nmu2ubuntu12.3	UNKNOWN