CVE-2006-4600 (GCVE-0-2006-4600)

Vulnerability from cvelistv5 – Published: 2006-09-07 00:00 – Updated: 2024-08-07 19:14
VLAI?
Summary
slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN).
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
http://secunia.com/advisories/22300 third-party-advisoryx_refsource_SECUNIA
http://lists.grok.org.uk/pipermail/full-disclosur… mailing-listx_refsource_FULLDISC
http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
http://secunia.com/advisories/25098 third-party-advisoryx_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200711-23.xml vendor-advisoryx_refsource_GENTOO
http://secunia.com/advisories/25894 third-party-advisoryx_refsource_SECUNIA
http://www.openldap.org/lists/openldap-announce/2… mailing-listx_refsource_MLIST
https://issues.rpath.com/browse/RPL-667 x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2007/3229 vdb-entryx_refsource_VUPEN
http://www.trustix.org/errata/2006/0055 vendor-advisoryx_refsource_TRUSTIX
http://www.securityfocus.com/archive/1/447395/100… mailing-listx_refsource_BUGTRAQ
http://secunia.com/advisories/22273 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/25628 third-party-advisoryx_refsource_SECUNIA
http://www.openldap.org/its/index.cgi/Software%20… x_refsource_MISC
http://www.redhat.com/support/errata/RHSA-2007-04… vendor-advisoryx_refsource_REDHAT
http://www.vupen.com/english/advisories/2007/2186 vdb-entryx_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
http://www.securityfocus.com/bid/19832 vdb-entryx_refsource_BID
http://www.redhat.com/support/errata/RHSA-2007-03… vendor-advisoryx_refsource_REDHAT
http://secunia.com/advisories/26909 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/27706 third-party-advisoryx_refsource_SECUNIA
http://securitytracker.com/id?1016783 vdb-entryx_refsource_SECTRACK
ftp://patches.sgi.com/support/free/security/advis… vendor-advisoryx_refsource_SGI
http://www.openldap.org/software/release/changes.html x_refsource_CONFIRM
http://secunia.com/advisories/22219 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/25676 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/21721 third-party-advisoryx_refsource_SECUNIA
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:14:47.800Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-232.htm"
          },
          {
            "name": "22300",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22300"
          },
          {
            "name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
          },
          {
            "name": "MDKSA-2006:171",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:171"
          },
          {
            "name": "25098",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25098"
          },
          {
            "name": "GLSA-200711-23",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
          },
          {
            "name": "25894",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25894"
          },
          {
            "name": "[openldap-announce] 20060801 OpenLDAP 2.3.25 available",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openldap.org/lists/openldap-announce/200608/msg00000.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-667"
          },
          {
            "name": "ADV-2007-3229",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3229"
          },
          {
            "name": "2006-0055",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://www.trustix.org/errata/2006/0055"
          },
          {
            "name": "20060929 rPSA-2006-0176-1 openldap openldap-clients openldap-servers",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/447395/100/200/threaded"
          },
          {
            "name": "22273",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22273"
          },
          {
            "name": "25628",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25628"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4587"
          },
          {
            "name": "RHSA-2007:0430",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0430.html"
          },
          {
            "name": "ADV-2007-2186",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2186"
          },
          {
            "name": "openldap-selfwrite-security-bypass(28772)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28772"
          },
          {
            "name": "oval:org.mitre.oval:def:9618",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9618"
          },
          {
            "name": "19832",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19832"
          },
          {
            "name": "RHSA-2007:0310",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0310.html"
          },
          {
            "name": "26909",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26909"
          },
          {
            "name": "27706",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27706"
          },
          {
            "name": "1016783",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016783"
          },
          {
            "name": "20070602-01-P",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openldap.org/software/release/changes.html"
          },
          {
            "name": "22219",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22219"
          },
          {
            "name": "25676",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25676"
          },
          {
            "name": "21721",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21721"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-08-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-232.htm"
        },
        {
          "name": "22300",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22300"
        },
        {
          "name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
        },
        {
          "name": "MDKSA-2006:171",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:171"
        },
        {
          "name": "25098",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25098"
        },
        {
          "name": "GLSA-200711-23",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
        },
        {
          "name": "25894",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25894"
        },
        {
          "name": "[openldap-announce] 20060801 OpenLDAP 2.3.25 available",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openldap.org/lists/openldap-announce/200608/msg00000.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-667"
        },
        {
          "name": "ADV-2007-3229",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3229"
        },
        {
          "name": "2006-0055",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://www.trustix.org/errata/2006/0055"
        },
        {
          "name": "20060929 rPSA-2006-0176-1 openldap openldap-clients openldap-servers",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/447395/100/200/threaded"
        },
        {
          "name": "22273",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22273"
        },
        {
          "name": "25628",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25628"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4587"
        },
        {
          "name": "RHSA-2007:0430",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0430.html"
        },
        {
          "name": "ADV-2007-2186",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2186"
        },
        {
          "name": "openldap-selfwrite-security-bypass(28772)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28772"
        },
        {
          "name": "oval:org.mitre.oval:def:9618",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9618"
        },
        {
          "name": "19832",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19832"
        },
        {
          "name": "RHSA-2007:0310",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0310.html"
        },
        {
          "name": "26909",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26909"
        },
        {
          "name": "27706",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27706"
        },
        {
          "name": "1016783",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016783"
        },
        {
          "name": "20070602-01-P",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openldap.org/software/release/changes.html"
        },
        {
          "name": "22219",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22219"
        },
        {
          "name": "25676",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25676"
        },
        {
          "name": "21721",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21721"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-4600",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-232.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-232.htm"
            },
            {
              "name": "22300",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22300"
            },
            {
              "name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
            },
            {
              "name": "MDKSA-2006:171",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:171"
            },
            {
              "name": "25098",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25098"
            },
            {
              "name": "GLSA-200711-23",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
            },
            {
              "name": "25894",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25894"
            },
            {
              "name": "[openldap-announce] 20060801 OpenLDAP 2.3.25 available",
              "refsource": "MLIST",
              "url": "http://www.openldap.org/lists/openldap-announce/200608/msg00000.html"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-667",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-667"
            },
            {
              "name": "ADV-2007-3229",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3229"
            },
            {
              "name": "2006-0055",
              "refsource": "TRUSTIX",
              "url": "http://www.trustix.org/errata/2006/0055"
            },
            {
              "name": "20060929 rPSA-2006-0176-1 openldap openldap-clients openldap-servers",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/447395/100/200/threaded"
            },
            {
              "name": "22273",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22273"
            },
            {
              "name": "25628",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25628"
            },
            {
              "name": "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4587",
              "refsource": "MISC",
              "url": "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4587"
            },
            {
              "name": "RHSA-2007:0430",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0430.html"
            },
            {
              "name": "ADV-2007-2186",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2186"
            },
            {
              "name": "openldap-selfwrite-security-bypass(28772)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28772"
            },
            {
              "name": "oval:org.mitre.oval:def:9618",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9618"
            },
            {
              "name": "19832",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19832"
            },
            {
              "name": "RHSA-2007:0310",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0310.html"
            },
            {
              "name": "26909",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26909"
            },
            {
              "name": "27706",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27706"
            },
            {
              "name": "1016783",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016783"
            },
            {
              "name": "20070602-01-P",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc"
            },
            {
              "name": "http://www.openldap.org/software/release/changes.html",
              "refsource": "CONFIRM",
              "url": "http://www.openldap.org/software/release/changes.html"
            },
            {
              "name": "22219",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22219"
            },
            {
              "name": "25676",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25676"
            },
            {
              "name": "21721",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21721"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-4600",
    "datePublished": "2006-09-07T00:00:00",
    "dateReserved": "2006-09-06T00:00:00",
    "dateUpdated": "2024-08-07T19:14:47.800Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openldap:openldap:2.0.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"28E643F8-005A-4170-8275-8E4AB5C25209\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openldap:openldap:2.0.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C8A34C63-C17D-4026-B409-AA9A56529B87\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openldap:openldap:2.0.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4EA863B0-A6AB-44BD-84E8-B6C885EFFE10\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openldap:openldap:2.0.23:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"24BFAEC7-6256-4B8F-83F5-60FBD1571936\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openldap:openldap:2.0.24:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"83227371-ACC3-4217-BFF9-0A3AAADD50DD\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN).\"}, {\"lang\": \"es\", \"value\": \"slapd en OpenLDAP anterior a 2.3.25 permite a un atacante remoto validar a usuarios con privilegios del Access Control List del selfwrite (ACL) para modificar los Distinguished Names (DN) de su elecci\\u00f3n.\"}]",
      "id": "CVE-2006-4600",
      "lastModified": "2024-11-21T00:16:20.703",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:A/AC:M/Au:S/C:N/I:P/A:N\", \"baseScore\": 2.3, \"accessVector\": \"ADJACENT_NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 4.4, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2006-09-07T00:04:00.000",
      "references": "[{\"url\": \"ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/21721\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/22219\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/22273\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/22300\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/25098\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/25628\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/25676\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/25894\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/26909\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/27706\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200711-23.xml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1016783\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://support.avaya.com/elmodocs2/security/ASA-2007-232.htm\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDKSA-2006:171\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4587\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.openldap.org/lists/openldap-announce/200608/msg00000.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.openldap.org/software/release/changes.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2007-0310.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2007-0430.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/447395/100/200/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/19832\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.trustix.org/errata/2006/0055\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2186\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/3229\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/28772\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://issues.rpath.com/browse/RPL-667\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9618\", \"source\": \"cve@mitre.org\"}, {\"url\": \"ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/21721\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/22219\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/22273\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/22300\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/25098\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/25628\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/25676\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/25894\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/26909\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/27706\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200711-23.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1016783\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.avaya.com/elmodocs2/security/ASA-2007-232.htm\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDKSA-2006:171\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4587\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.openldap.org/lists/openldap-announce/200608/msg00000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.openldap.org/software/release/changes.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2007-0310.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2007-0430.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/447395/100/200/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/19832\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.trustix.org/errata/2006/0055\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2186\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/3229\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/28772\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://issues.rpath.com/browse/RPL-667\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9618\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vendorComments": "[{\"organization\": \"Red Hat\", \"comment\": \"Red Hat is aware of this issue and is tracking it via the following bug:\\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=205826\\n\\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.  More information regarding issue severity can be found here:\\nhttp://www.redhat.com/security/updates/classification/\\n\\nThe risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode.\", \"lastModified\": \"2007-09-05T00:00:00\"}]",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-4600\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-09-07T00:04:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN).\"},{\"lang\":\"es\",\"value\":\"slapd en OpenLDAP anterior a 2.3.25 permite a un atacante remoto validar a usuarios con privilegios del Access Control List del selfwrite (ACL) para modificar los Distinguished Names (DN) de su elecci\u00f3n.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:M/Au:S/C:N/I:P/A:N\",\"baseScore\":2.3,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":4.4,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.0.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28E643F8-005A-4170-8275-8E4AB5C25209\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.0.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8A34C63-C17D-4026-B409-AA9A56529B87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.0.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EA863B0-A6AB-44BD-84E8-B6C885EFFE10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.0.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24BFAEC7-6256-4B8F-83F5-60FBD1571936\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.0.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83227371-ACC3-4217-BFF9-0A3AAADD50DD\"}]}]}],\"references\":[{\"url\":\"ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/21721\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/22219\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/22273\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/22300\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/25098\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/25628\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/25676\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/25894\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/26909\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/27706\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200711-23.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1016783\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2007-232.htm\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2006:171\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4587\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.openldap.org/lists/openldap-announce/200608/msg00000.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.openldap.org/software/release/changes.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-0310.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-0430.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/447395/100/200/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/19832\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.trustix.org/errata/2006/0055\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2186\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/3229\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/28772\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://issues.rpath.com/browse/RPL-667\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9618\",\"source\":\"cve@mitre.org\"},{\"url\":\"ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/21721\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/22219\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/22273\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/22300\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/25098\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/25628\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/25676\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/25894\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/26909\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/27706\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200711-23.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1016783\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2007-232.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2006:171\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4587\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.openldap.org/lists/openldap-announce/200608/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.openldap.org/software/release/changes.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-0310.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-0430.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/447395/100/200/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/19832\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.trustix.org/errata/2006/0055\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2186\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/3229\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/28772\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://issues.rpath.com/browse/RPL-667\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9618\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Red Hat is aware of this issue and is tracking it via the following bug:\\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=205826\\n\\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.  More information regarding issue severity can be found here:\\nhttp://www.redhat.com/security/updates/classification/\\n\\nThe risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode.\",\"lastModified\":\"2007-09-05T00:00:00\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.