Vulnerability Name:

CVE-2000-0336 (CCN-4369)

Assigned:2000-04-13
Published:2000-04-13
Updated:2008-09-10
Summary:Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
2.6 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:File Manipulation
References:Source: CALDERA
Type: Patch, Vendor Advisory
CSSA-2000-009.0

Source: CCN
Type: Caldera International, Inc. Security Advisory CSSA-2000-009.0
misconfigured OpenLDAP

Source: MITRE
Type: CNA
CVE-2000-0336

Source: CCN
Type: RHSA-2000:012-05
openldap-1.2.9-6

Source: CCN
Type: TurboLinux Security Announcement TLSA2000010-1
OpenLDAP 1.2.9 and earlier

Source: CCN
Type: OSVDB ID: 8050
OpenLDAP Symlink Arbitrary File Modification

Source: REDHAT
Type: UNKNOWN
RHSA-2000:012

Source: BID
Type: UNKNOWN
1232

Source: CCN
Type: BID-1232
OpenLDAP /usr/tmp/ Symlink Vulnerability

Source: TURBO
Type: UNKNOWN
TLSA2000010-1

Source: XF
Type: UNKNOWN
openldap-symlink-attack(4369)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:openldap:openldap:1.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:1.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:1.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:1.2.10:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:mandrakesoft:mandrake_linux:6.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.1:*:alpha:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.1:*:i386:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.1:*:sparc:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.2:*:alpha:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.2:*:i386:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.2:*:sparc:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:4.2:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:4.4:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:6.0.2:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:redhat:linux:6.1:*:*:*:*:*:*:*
  • OR cpe:/o:caldera:openlinux:2.3:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    openldap openldap 1.2.7
    openldap openldap 1.2.8
    openldap openldap 1.2.9
    openldap openldap 1.2.10
    mandrakesoft mandrake linux 6.1
    mandrakesoft mandrake linux 7.0
    redhat linux 6.1
    redhat linux 6.1
    redhat linux 6.1
    redhat linux 6.2
    redhat linux 6.2
    redhat linux 6.2
    turbolinux turbolinux 4.2
    turbolinux turbolinux 4.4
    turbolinux turbolinux 6.0.2
    redhat linux 6.1
    caldera openlinux 2.3
    redhat linux 6.2