Vulnerability Description
The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to log in without a password.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sgi | Irix | <= 6.5.19 |
Related Weaknesses (CWE)
References
- ftp://patches.sgi.com/support/free/security/advisories/20030407-01-PBroken LinkPatchVendor Advisory
- http://www.ciac.org/ciac/bulletins/n-084.shtmlBroken Link
- http://www.securityfocus.com/bid/7442Broken LinkPatchThird Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11860Third Party AdvisoryVDB Entry
- ftp://patches.sgi.com/support/free/security/advisories/20030407-01-PBroken LinkPatchVendor Advisory
- http://www.ciac.org/ciac/bulletins/n-084.shtmlBroken Link
- http://www.securityfocus.com/bid/7442Broken LinkPatchThird Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11860Third Party AdvisoryVDB Entry
FAQ
What is CVE-2003-0174?
CVE-2003-0174 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to log in without a passw...
How severe is CVE-2003-0174?
CVE-2003-0174 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2003-0174?
Check the references section above for vendor advisories and patch information. Affected products include: Sgi Irix.