1. CVE-Search
  2. CVE-2004-1997
ID CVE-2004-1997
Summary Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, which may be installed world-readable, which allows local users to gain privileges.
References
Vulnerable Configurations
  • cpe:2.3:a:kolab:kolab_groupware_server:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:kolab:kolab_groupware_server:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:kolab:kolab_groupware_server:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:kolab:kolab_groupware_server:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:kolab:kolab_groupware_server:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:kolab:kolab_groupware_server:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:kolab:kolab_groupware_server:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:kolab:kolab_groupware_server:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:kolab:kolab_groupware_server:1.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:kolab:kolab_groupware_server:1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:kolab:kolab_groupware_server:1.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:kolab:kolab_groupware_server:1.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:kolab:kolab_groupware_server:1.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:kolab:kolab_groupware_server:1.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:openpkg:openpkg:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:openpkg:openpkg:2.0:*:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 11-07-2017 - 01:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 10277
confirm http://www.erfrakon.de/projects/kolab/download/kolab-server-1.0/src/Changelog
mandrake MDKSA-2004:052
mlist [kolab-users] 20040420 Possible Kolab LDAP configuration information disclosure
openpkg OpenPKG-SA-2004.019
osvdb 5898
secunia 11560
xf kolab-root-password-plaintext(16068)
Last major update 11-07-2017 - 01:31
Published 05-05-2004 - 04:00
Last modified 11-07-2017 - 01:31
Back to Top