Vulnerability Name:

CVE-2005-4442 (CCN-24601)

Assigned:2005-11-02
Published:2005-11-02
Updated:2008-09-05
Summary:Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2005-3580

Source: MITRE
Type: CNA
CVE-2005-3581

Source: MITRE
Type: CNA
CVE-2005-3582

Source: MITRE
Type: CNA
CVE-2005-4278

Source: MITRE
Type: CNA
CVE-2005-4279

Source: MITRE
Type: CNA
CVE-2005-4280

Source: MITRE
Type: CNA
CVE-2005-4442

Source: CCN
Type: QDBM Web site
QDBM: Quick Database Manager

Source: SECUNIA
Type: Vendor Advisory
18040

Source: CCN
Type: SA55314
Oracle Solaris Perl Multiple Vulnerabilities

Source: CCN
Type: GLSA-200510-14
Perl, Qt-UnixODBC, CMake: RUNPATH issues

Source: CCN
Type: GLSA-200511-02
QDBM, ImageMagick, GDAL: RUNPATH issues

Source: CCN
Type: GLSA-200512-07
OpenLDAP, Gauche: RUNPATH issues

Source: GENTOO
Type: Patch
GLSA-200512-07

Source: CCN
Type: ImageMagick Web site
ImageMagick: Convert, Edit, and Compose Images

Source: CCN
Type: OSVDB ID: 20086
Perl RUNPATH Variable Local Privilege Escalation

Source: CCN
Type: OSVDB ID: 20087
Qt-UnixODBC RUNPATH Variable Local Privilege Escalation

Source: CCN
Type: OSVDB ID: 20088
CMake RUNPATH Variable Local Privilege Escalation

Source: CCN
Type: OSVDB ID: 20527
QDBM RUNPATH Variable Local Privilege Escalation

Source: CCN
Type: OSVDB ID: 20528
ImageMagick RUNPATH Variable Local Privilege Escalation

Source: CCN
Type: OSVDB ID: 20529
GDAL RUNPATH Variable Local Privilege Escalation

Source: BID
Type: Patch
15120

Source: CCN
Type: BID-15120
Gentoo Linux Multiple Packages Insecure RUNPATH Vulnerability

Source: XF
Type: UNKNOWN
qdbm-portage-gain-privileges(24601)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:openldap:openldap:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.14:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.15:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.16:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.17:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.18:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.19:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.20:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.21:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.22:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.23:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.24:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.25:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.26:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.0.27:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.8:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.9:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.10:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.11:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.12:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.13:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.14:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.15:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.16:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.17:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.18:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.19:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.20:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.21:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.22:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.23:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.24:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.25:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.26:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.27:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.28:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.29:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.1.30:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.10:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.11:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.12:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.13:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.14:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.15:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.16:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.17:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.18:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.19:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.20:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.21:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.22:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.23:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.24:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.25:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.26:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:2.2.27:*:*:*:*:*:*:*
  • OR cpe:/a:openldap:openldap:*:*:*:*:*:*:*:* (Version <= 2.2.28_r2)

    • * Denotes that component is vulnerable
    BACK
    openldap openldap 2.0.0
    openldap openldap 2.0.1
    openldap openldap 2.0.2
    openldap openldap 2.0.3
    openldap openldap 2.0.4
    openldap openldap 2.0.5
    openldap openldap 2.0.6
    openldap openldap 2.0.7
    openldap openldap 2.0.8
    openldap openldap 2.0.9
    openldap openldap 2.0.10
    openldap openldap 2.0.11
    openldap openldap 2.0.12
    openldap openldap 2.0.13
    openldap openldap 2.0.14
    openldap openldap 2.0.15
    openldap openldap 2.0.16
    openldap openldap 2.0.17
    openldap openldap 2.0.18
    openldap openldap 2.0.19
    openldap openldap 2.0.20
    openldap openldap 2.0.21
    openldap openldap 2.0.22
    openldap openldap 2.0.23
    openldap openldap 2.0.24
    openldap openldap 2.0.25
    openldap openldap 2.0.26
    openldap openldap 2.0.27
    openldap openldap 2.1.2
    openldap openldap 2.1.3
    openldap openldap 2.1.4
    openldap openldap 2.1.5
    openldap openldap 2.1.6
    openldap openldap 2.1.7
    openldap openldap 2.1.8
    openldap openldap 2.1.9
    openldap openldap 2.1.10
    openldap openldap 2.1.11
    openldap openldap 2.1.12
    openldap openldap 2.1.13
    openldap openldap 2.1.14
    openldap openldap 2.1.15
    openldap openldap 2.1.16
    openldap openldap 2.1.17
    openldap openldap 2.1.18
    openldap openldap 2.1.19
    openldap openldap 2.1.20
    openldap openldap 2.1.21
    openldap openldap 2.1.22
    openldap openldap 2.1.23
    openldap openldap 2.1.24
    openldap openldap 2.1.25
    openldap openldap 2.1.26
    openldap openldap 2.1.27
    openldap openldap 2.1.28
    openldap openldap 2.1.29
    openldap openldap 2.1.30
    openldap openldap 2.2.4
    openldap openldap 2.2.5
    openldap openldap 2.2.6
    openldap openldap 2.2.7
    openldap openldap 2.2.8
    openldap openldap 2.2.9
    openldap openldap 2.2.10
    openldap openldap 2.2.11
    openldap openldap 2.2.12
    openldap openldap 2.2.13
    openldap openldap 2.2.14
    openldap openldap 2.2.15
    openldap openldap 2.2.16
    openldap openldap 2.2.17
    openldap openldap 2.2.18
    openldap openldap 2.2.19
    openldap openldap 2.2.20
    openldap openldap 2.2.21
    openldap openldap 2.2.22
    openldap openldap 2.2.23
    openldap openldap 2.2.24
    openldap openldap 2.2.25
    openldap openldap 2.2.26
    openldap openldap 2.2.27
    openldap openldap *