CVE-2006-7191

Untrusted search path vulnerability in lamdaemon.pl in LDAP Account Manager (LAM) before 1.0.0 allows local users to gain privileges via a modified PATH that points to a malicious rm program.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://lam.cvs.sourceforge.net/lam/lam/lib/lamdaemon.pl
http://lam.cvs.sourceforge.net/lam/lam/lib/lamdaemon.pl?r1=1.32&r2=1.33
http://lam.sourceforge.net/changelog/index.htm
http://secunia.com/advisories/25157
http://www.securityfocus.com/bid/23857
http://www.us.debian.org/security/2007/dsa-1287

Configurations

Configuration 1 (hide)

cpe:2.3:a:ldap_account_manager:ldap_account_manager:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-04-03 00:19

Updated : 2024-02-04 17:13

NVD link : CVE-2006-7191

Mitre link : CVE-2006-7191

CVE.ORG link : CVE-2006-7191

JSON object : View

Products Affected

ldap_account_manager

ldap_account_manager

CWE

NVD-CWE-Other

7.2 /10