Vulnerability Description
Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, which may be installed world-readable, which allows local users to gain privileges.
CVSS Score
4.6 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kolab | Kolab Groupware Server | 1.0 |
| Openpkg | Openpkg | 2.0 |
References
- http://marc.info/?l=bugtraq&m=108377525924422&w=2
- http://secunia.com/advisories/11560 (Exploit, Patch, Vendor Advisory)
- http://www.erfrakon.de/projects/kolab/download/kolab-server-1.0/src/Changelog
- http://www.kolab.org/pipermail/kolab-users/2004-April/000215.html (Exploit, Vendor Advisory)
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:052
- http://www.osvdb.org/5898
- http://www.securityfocus.com/bid/10277 (Patch, Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16068
FAQ
What is CVE-2004-1997?
CVE-2004-1997 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, which may be installed world-readable, which allows local users to gain privileges.
How severe is CVE-2004-1997?
CVE-2004-1997 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2004-1997?
Check the references section above for vendor advisories and patch information. Affected products include: Kolab Kolab Groupware Server, Openpkg Openpkg.