CVE-2006-4600 — LOW (2.3) — White Hats Nepal

Vulnerability Description

slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN).

CVSS Score

2.3

LOW

AV:A/AC:M/Au:S/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Openldap	Openldap	2.0.20

References

ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
http://secunia.com/advisories/21721PatchVendor Advisory
http://secunia.com/advisories/22219
http://secunia.com/advisories/22273
http://secunia.com/advisories/22300
http://secunia.com/advisories/25098
http://secunia.com/advisories/25628
http://secunia.com/advisories/25676
http://secunia.com/advisories/25894
http://secunia.com/advisories/26909
http://secunia.com/advisories/27706
http://security.gentoo.org/glsa/glsa-200711-23.xml
http://securitytracker.com/id?1016783
http://support.avaya.com/elmodocs2/security/ASA-2007-232.htm

FAQ

What is CVE-2006-4600?

CVE-2006-4600 is a vulnerability with a CVSS score of 2.3 (LOW). slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN).

How severe is CVE-2006-4600?

CVE-2006-4600 has been rated LOW with a CVSS base score of 2.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2006-4600?

Check the references section above for vendor advisories and patch information. Affected products include: Openldap Openldap.