Vulnerability Description
OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local attackers to execute arbitrary code when libldap reads the .ldaprc file within applications that are running with extra privileges.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openldap | Openldap | <= 2.2.0 |
References
- http://www.debian.org/security/2003/dsa-227PatchVendor Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:006
- http://www.novell.com/linux/security/advisories/2002_047_openldap2.html
- http://www.debian.org/security/2003/dsa-227PatchVendor Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:006
- http://www.novell.com/linux/security/advisories/2002_047_openldap2.html
FAQ
What is CVE-2002-1379?
CVE-2002-1379 is a vulnerability with a CVSS score of 7.5 (HIGH). OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local attackers to execute arbitrary code when libldap reads the .ldaprc file within applications that are running with extra privileges.
How severe is CVE-2002-1379?
CVE-2002-1379 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1379?
Check the references section above for vendor advisories and patch information. Affected products include: Openldap Openldap.