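Vulnerability Details
OpenLDAP Authenticated User Target Attribute Loss Vulnerability
- CNNVD ID: CNNVD-200201-014
- Severity: High
- CVE ID: CVE-2002-0045
- Vulnerability type: Access validation error
- Published: 2002-01-31
- Threat type: Remote
- Updated: 2006-11-07
- Vendor: redhat
- Vulnerability source: Credited to Thomas…
Vulnerability Summary
slapd in OpenLDAP 2.0 through 2.0.19 contains a vulnerability. Local users, and anonymous users in versions before 2.0.8, can perform a "replace" action on access controls without any values, which causes OpenLDAP to delete non-mandatory attributes that should be protected by ACLs.
Vulnerability Advisory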
This vulnerability is eliminated in OpenLDAP 2.0.21. Red Hat and Conectiva have also released upgraded packages.
It should be noted that Red Hat 7.0 shipped with OpenLDAP version 1.2.11. An update upgraded this to version 2.0.11. Version 1.2.11 is not vulnerable. The newer fix should still be applied even if the 2.0.11 upgrade was not installed. Red Hat 7.1 originally shipped with version 2.0.7. An update upgraded this to version 2.0.11.
Users of HP Secure Linux 1.0 are advised to upgrade using the fixes supplied by Red Hat (listed below).
Additional upgrades are available.
OpenLDAP OpenLDAP 2.0
- OpenLDAP openldap-2.0.21.tgz
  ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.0.21.tgz
OpenLDAP OpenLDAP 2.0.1
- OpenLDAP openldap-2.0.21.tgz
  ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.0.21.tgz
OpenLDAP OpenLDAP 2.0.10
- OpenLDAP openldap-2.0.21.tgz
  ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.0.21.tgz
OpenLDAP OpenLDAP 2.0.11 -9
- Caldera openldap-2.0.11-11.i386
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/openldap-2.0.11-11.i386.rpm
- Caldera openldap-2.0.11-11.i386
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS/openldap-2.0.11-11.i386.rpm
- Caldera openldap-devel-2.0.11-11.i386
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/openldap-devel-2.0.11-11.i386.rpm
- Caldera openldap-devel-2.0.11-11.i386
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS/openldap-devel-2.0.11-11.i386.rpm
OpenLDAP OpenLDAP 2.0.11
- Conectiva openldap-2.0.21-1U70_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openldap-2.0.21-1U70_2cl.i386.rpm
- Conectiva openldap-client-2.0.21-1U70_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openldap-client-2.0.21-1U70_2cl.i386.rpm
- Conectiva openldap-devel-2.0.21-1U70_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openldap-devel-2.0.21-1U70_2cl.i386.rpm
- Conectiva openldap-devel-static-2.0.21-1U70_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openldap-devel-static-2.0.21-1U70_2cl.i386.rpm
- Conectiva openldap-doc-2.0.21-1U70_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openldap-doc-2.0.21-1U70_2cl.i386.rpm
- Conectiva openldap-server-2.0.21-1U70_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openldap-server-2.0.21-1U70_2cl.i386.rpm
- Conectiva openldap2-2.0.21-1U60_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/openldap2-2.0.21-1U60_1cl.i386.rpm
- Conectiva openldap2-devel-2.0.21-1U60_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/openldap2-devel-2.0.21-1U60_1cl.i386.rpm
- Conectiva openldap2-tests-2.0.21-1U60_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/openldap2-tests-2.0.21-1U60_1cl.i386.rpm
- OpenLDAP openldap-2.0.21.tgz
  ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.0.21.tgz
- Red Hat openldap-2.0.21-0.7.1.alpha.rpm Fix for 7.1/alpha.
  ftp://updates.redhat.com/7.1/en/os/alpha/openldap-2.0.21-0.7.1.alpha.rpm
- Red Hat openldap-2.0.21-0.7.1.i386.rpm Fix for 7.1/i386.
  ftp://updates.redhat.com/7.1/en/os/i386/openldap-2.0.21-0.7.1.i386.rpm
- Red Hat openldap-2.0.21-0.7.1.ia64.rpm Fix for 7.1/ia64.
  ftp://updates.redhat.com/7.1/en/os/ia64/openldap-2.0.21-0.7.1.ia64.rpm
- Red Hat openldap-2.0.21-1.i386.rpm Fix for 7.2/i386.
  ftp://updates.redhat.com/7.2/en/os/i386/openldap-2.0.21-1.i386.rpm
- Red Hat openldap-2.0.21-1.ia64.rpm Fix for 7.2/ia64.
  ftp://updates.redhat.com/7.2/en/os/ia64/openldap-2.0.21-1.ia64.rpm
- Red Hat openldap-clients-2.0.21-0.7.1.alpha.rpm Fix for 7.0/alpha.
  ftp://updates.redhat.com/7.0/en/os/alpha/openldap-clients-2.0.21-0.7.1.alpha.rpm
- Red Hat openldap-clients-2.0.21-0.7.1.alpha.rpm Fix for 7.1/alpha.
  ftp://updates.redhat.com/7.1/en/os/alpha/openldap-clients-2.0.21-0.7.1.alpha.rpm
- Red Hat openldap-clients-2.0.21-0.7.1.i386.rpm Fix for 7.0/i386.
  ftp://updates.redhat.com/7.0/en/os/i386/openldap-2.0.21-0.7.1.i386.rpm
- Red Hat openldap-clients-2.0.21-0.7.1.i386.rpm Fix for 7.1/i386.
  ftp://updates.redhat.com/7.1/en/os/i386/openldap-clients-2.0.21-0.7.1.i386.rpm
- Red Hat openldap-clients-2.0.21-0.7.1.ia64.rpm Fix for 7.1/ia64.
  ftp://updates.redhat.com/7.1/en/os/ia64/openldap-clients-2.0.21-0.7.1.ia64.rpm
- Red Hat openldap-clients-2.0.21-1.i386.rpm Fix for 7.2/i386.
  ftp://updates.redhat.com/7.2/en/os/i386/openldap-clients-2.0.21-1.i386.rpm
- Red Hat openldap-clients-2.0.21-1.ia64.rpm Fix f
References
Source: XF
Name: openldap-slapd-delete-attributes(7978)
Link: http://xforce.iss.net/xforce/xfdb/7978
Source: HP
Name: HPSBTL0201-020
Link: http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0201-020
Source: BID
Name: 3945
Link: http://www.securityfocus.com/bid/3945
Source: REDHAT
Name: RHSA-2002:014
Link: http://www.redhat.com/support/errata/RHSA-2002-014.html
Source: OSVDB
Name: 5395
Link: http://www.osvdb.org/5395
Source: www.openldap.org
Link: http://www.openldap.org/lists/openldap-announce/200201/msg00002.html
Source: MANDRAKE
Name: MDKSA-2002:013
Link: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:013
Source: CONECTIVA
Name: CLA-2002:459
Link: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000459
Source: CALDERA
Name: CSSA-2002-001.0
Link: ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-001.0.txt