Vulnerability Name:

CVE-2002-1508 (CCN-11288)

Assigned:2002-12-06
Published:2002-12-06
Updated:2008-09-10
Summary:slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users to overwrite arbitrary files via a race condition during the creation of a log file for rejected replication requests.
CVSS v3 Severity:2.9 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:1.2 Low (CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
1.2 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: SGI Security Advisory 20031002-01-U
SGI Advanced Linux Environment security update #3

Source: MITRE
Type: CNA
CVE-2002-1508

Source: CCN
Type: Conectiva Linux Announcement CLSA-2002:556
openldap

Source: CCN
Type: RHSA-2002-312
openldap security update

Source: CCN
Type: RHSA-2003-040
Updated openldap packages available

Source: CCN
Type: RHSA-2003-208
Updated openldap packages available for iSeries and pSeries

Source: CCN
Type: CIAC Information Bulletin N-043
Red Hat openldap Vulnerabilities

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-227

Source: DEBIAN
Type: DSA-227
openldap2 -- buffer overflows and other bugs

Source: XF
Type: Vendor Advisory
openldap-acl-slapd-bo(11288)

Source: CCN
Type: Gentoo Linux Security Announcement 200212-12
openldap -- remote command execution

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2003:006

Source: SUSE
Type: UNKNOWN
SuSE-SA:2002:047

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2003:040

Source: CCN
Type: BID-6328
OpenLDAP Multiple Buffer Overflow Vulnerabilities

Source: XF
Type: UNKNOWN
openldap-acl-slapd-bo(11288)

Source: SUSE
Type: SUSE-SA:2002:047
OpenLDAP2: remote command execution

Vulnerable Configuration:Configuration 1:
  • cpe:/a:openldap:openldap:*:*:*:*:*:*:*:* (Version <= 2.2.0)

    • Configuration CCN 1:
  • cpe:/a:openldap:openldap:2.2.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:6.5:*:*:*:server:*:*:*
  • OR cpe:/o:suse:suse_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_email_server:iii:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_connectivity_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_office_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_email_server:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux_server:6.1:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:8:*:*:*:server:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:8:*:*:*:workstation:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:7:*:*:*:server:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:aw:*:*:*:*:*
  • OR cpe:/o:sgi:irix:2.3.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.debian:def:227
    V
    		buffer overflows and other bugs
    2003-01-13
    BACK
    openldap openldap *
    openldap openldap 2.2.0
    redhat linux 6.2
    redhat linux 7
    conectiva linux 6.0
    suse suse linux 7.1
    redhat linux 7.1
    mandrakesoft mandrake linux 8.0
    turbolinux turbolinux 6.5
    suse suse linux 7.2
    conectiva linux 7.0
    mandrakesoft mandrake linux 8.1
    redhat linux 7.2
    suse suse linux 7.3
    suse suse email server iii
    suse suse linux connectivity server *
    mandrakesoft mandrake linux 8.2
    suse suse linux 8.0
    conectiva linux 8.0
    redhat linux 7.3
    debian debian linux 3.0
    gentoo linux *
    suse suse linux office server *
    redhat linux 8.0
    mandrakesoft mandrake linux 9.0
    suse suse email server 3.1
    mandrakesoft mandrake multi network firewall 8.2
    turbolinux turbolinux server 6.1
    turbolinux turbolinux 8
    turbolinux turbolinux 8
    turbolinux turbolinux 7
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    sgi irix 2.3.1
    redhat linux advanced workstation 2.1