Vulnerability Description
Untrusted search path vulnerability in lamdaemon.pl in LDAP Account Manager (LAM) before 1.0.0 allows local users to gain privileges via a modified PATH that points to a malicious rm program.
CVSS Score
7.2
HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ldap Account Manager | Ldap Account Manager | <= 1.0_rc2 |
References
- http://lam.cvs.sourceforge.net/lam/lam/lib/lamdaemon.pl
- http://lam.cvs.sourceforge.net/lam/lam/lib/lamdaemon.pl?r1=1.32&r2=1.33
- http://lam.sourceforge.net/changelog/index.htm
- http://secunia.com/advisories/25157
- http://www.securityfocus.com/bid/23857
- http://www.us.debian.org/security/2007/dsa-1287
- http://lam.cvs.sourceforge.net/lam/lam/lib/lamdaemon.pl
- http://lam.cvs.sourceforge.net/lam/lam/lib/lamdaemon.pl?r1=1.32&r2=1.33
- http://lam.sourceforge.net/changelog/index.htm
- http://secunia.com/advisories/25157
- http://www.securityfocus.com/bid/23857
- http://www.us.debian.org/security/2007/dsa-1287
FAQ
What is CVE-2006-7191?
CVE-2006-7191 is a vulnerability with a CVSS score of 7.2 (HIGH). Untrusted search path vulnerability in lamdaemon.pl in LDAP Account Manager (LAM) before 1.0.0 allows local users to gain privileges via a modified PATH that points to a malicious rm program.
How severe is CVE-2006-7191?
CVE-2006-7191 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-7191?
Check the references section above for vendor advisories and patch information. Affected products include: Ldap Account Manager Ldap Account Manager.