1. CVE-Search
  2. CVE-2006-1782
ID CVE-2006-1782
Summary Unspecified vulnerability in Solaris 8 and 9 allows local users to obtain the LDAP Directory Server root Distinguished Name (rootDN) password when a privileged user (1) runs idsconfig; or "insecurely" runs LDAP2 commands with the -w option, including (2) ldapadd, (3) ldapdelete, (4) ldapmodify, (5) ldapmodrdn, and (6) ldapsearch.
References
Vulnerable Configurations
  • cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*
    cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*
  • cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
    cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 30-10-2018 - 16:25)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:N/A:N
oval via4
accepted 2006-05-31T09:45:00.000-04:00
class vulnerability
contributors
name Robert L. Hollis
organization ThreatGuard, Inc.
description Unspecified vulnerability in Solaris 8 and 9 allows local users to obtain the LDAP Directory Server root Distinguished Name (rootDN) password when a privileged user (1) runs idsconfig; or "insecurely" runs LDAP2 commands with the -w option, including (2) ldapadd, (3) ldapdelete, (4) ldapmodify, (5) ldapmodrdn, and (6) ldapsearch.
family unix
id oval:org.mitre.oval:def:1840
status accepted
submitted 2006-04-14T06:41:00.000-04:00
title LDAP rootDN Password Disclosure Vulnerability
version 36
refmap via4
bid 17479
confirm http://support.avaya.com/elmodocs2/security/ASA-2006-122.htm
osvdb
  • 24563
  • 24564
  • 24565
  • 24566
  • 24567
  • 24568
sectrack 1015903
secunia
  • 19638
  • 21493
sunalert 102113
vupen ADV-2006-1334
xf solaris-ldap2-password-disclosure(25747)
Last major update 30-10-2018 - 16:25
Published 13-04-2006 - 10:02
Last modified 30-10-2018 - 16:25
Back to Top