Vulnerability Name: CVE-2006-4600 (CCN-28772)
Assigned: 2006-09-04
Published: 2006-09-04
Updated: 2018-10-17
Summary: slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN).
CVSS v3 Severity: 3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)
CVSS v2 Severity: 2.3 Low (CVSS v2 Vector: AV:A/AC:M/Au:S/C:N/I:P/A:N)
    1.7 Low (Temporal CVSS v2 Vector: AV:A/AC:M/Au:S/C:N/I:P/A:N/E:U/RL:OF/RC:C)
    3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Bypass Security
References:
    Source: SGI Type: UNKNOWN 20070602-01-P
    Source: CCN Type: Full-Disclosure Mailing List, Wed Sep 19 2007 - 21:15:23 CDT VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player
    Source: MITRE Type: CNA CVE-2006-4600
    Source: FULLDISC Type: UNKNOWN 20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player
    Source: CCN Type: VMware Security-announce Mailing list, Wed Sep 19 19:15:23 PDT 2007 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player
    Source: CCN Type: RHSA-2007-0310 Low: openldap security update
    Source: CCN Type: RHSA-2007-0430 Low: openldap security and bug-fix update
    Source: CCN Type: SA21721 OpenLDAP slapd "selfwrite" Security Issue
    Source: SECUNIA Type: Patch, Vendor Advisory 21721
    Source: SECUNIA Type: UNKNOWN 22219
    Source: SECUNIA Type: UNKNOWN 22273
    Source: SECUNIA Type: UNKNOWN 22300
    Source: SECUNIA Type: UNKNOWN 25098
    Source: SECUNIA Type: UNKNOWN 25628
    Source: CCN Type: SA25676 Avaya Products OpenLDAP slapd "selfwrite" Security Issue
    Source: SECUNIA Type: UNKNOWN 25676
    Source: SECUNIA Type: UNKNOWN 25894
    Source: CCN Type: SA26909 VMware ESX Server Multiple Security Updates
    Source: SECUNIA Type: UNKNOWN 26909
    Source: SECUNIA Type: UNKNOWN 27706
    Source: GENTOO Type: UNKNOWN GLSA-200711-23
    Source: CCN Type: SECTRACK ID: 1016783 OpenLDAP `selfwrite` Access Control Error May Let Remote Authenticated Users Make Unauthorized Attribute Modifications
    Source: SECTRACK Type: UNKNOWN 1016783
    Source: CONFIRM Type: UNKNOWN http://support.avaya.com/elmodocs2/security/ASA-2007-232.htm
    Source: CCN Type: ASA-2007-232 OpenLDAP security update (RHSA-2007-0310)
    Source: CCN Type: ASA-2007-283 OpenLDAP security and bug-fix update (RHSA-2007-0430)
    Source: CCN Type: GLSA-200711-23 VMware Workstation and Player: Multiple vulnerabilities
    Source: MANDRIVA Type: UNKNOWN MDKSA-2006:171
    Source: CCN Type: OpenLDAP ITS - Software Bugs/4587 selfwrite access is broken
    Source: MISC Type: Patch http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4587
    Source: MLIST Type: Patch [openldap-announce] 20060801 OpenLDAP 2.3.25 available
    Source: CCN Type: OpenLDAP Web site OpenLDAP, Download
    Source: CONFIRM Type: Patch http://www.openldap.org/software/release/changes.html
    Source: REDHAT Type: UNKNOWN RHSA-2007:0310
    Source: REDHAT Type: UNKNOWN RHSA-2007:0430
    Source: BUGTRAQ Type: UNKNOWN 20060929 rPSA-2006-0176-1 openldap openldap-clients openldap-servers
    Source: BID Type: Patch 19832
    Source: CCN Type: BID-19832 OpenLDAP SLAPD Access Control Circumvention Vulnerability
    Source: TRUSTIX Type: UNKNOWN 2006-0055
    Source: CCN Type: VMware, Inc. Web site Download Patch ESX-1001727 for VMware ESX Server 3.0.2
    Source: VUPEN Type: UNKNOWN ADV-2007-2186
    Source: VUPEN Type: UNKNOWN ADV-2007-3229
    Source: XF Type: UNKNOWN openldap-selfwrite-security-bypass(28772)
    Source: CONFIRM Type: UNKNOWN https://issues.rpath.com/browse/RPL-667
    Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:9618
Vulnerable Configuration: Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: Denotes that component is vulnerable