CERTA-2003-AVI-041

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité présente dans le démon réseau secldapclntd permet à un utilisateur mal intentionné d'accéder et de modifier des informations situées sur le serveur LDAP (Lightweight Directory Access Protocol).

Description

Le démon réseau secldapclntd est utilisé pour le transfert des requêtes d'authentification d'un module LDAP vers un serveur LDAP.

Une vulnérabilité sur ce démon permet à un utilisateur distant mal intentionné, via des requêtes malicieusement construites, d'accéder et de modifier des informations sur le serveur LDAP.

Solution

Appliquer le correctif d'IBM correspondant à votre plate-forme (cf. section documentation) selon sa disponibilité.

IBM AIX versions 4.3, 5.1 et 5.2.

Impacted products
Vendor Product Description
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eIBM AIX versions 4.3, 5.1 et 5.2.\u003c/p\u003e",
  "content": "## Description\n\nLe d\u00e9mon r\u00e9seau secldapclntd est utilis\u00e9 pour le transfert des requ\u00eates\nd\u0027authentification d\u0027un module LDAP vers un serveur LDAP.\n\nUne vuln\u00e9rabilit\u00e9 sur ce d\u00e9mon permet \u00e0 un utilisateur distant mal\nintentionn\u00e9, via des requ\u00eates malicieusement construites, d\u0027acc\u00e9der et\nde modifier des informations sur le serveur LDAP.\n\n## Solution\n\nAppliquer le correctif d\u0027IBM correspondant \u00e0 votre plate-forme (cf.\nsection documentation) selon sa disponibilit\u00e9.\n",
  "cves": [],
  "links": [
    {
      "title": "Correctif :",
      "url": "http://techsupport.services.ibm.com/rs6k/fixdb.html"
    }
  ],
  "reference": "CERTA-2003-AVI-041",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2003-03-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Diffusion d\u0027information"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 pr\u00e9sente dans le d\u00e9mon r\u00e9seau secldapclntd permet \u00e0 un\nutilisateur mal intentionn\u00e9 d\u0027acc\u00e9der et de modifier des informations\nsitu\u00e9es sur le serveur LDAP (Lightweight Directory Access Protocol).\n",
  "title": "Vuln\u00e9rabilit\u00e9 de LDAP sous IBM AIX",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 MSS-OAR-E01-2003:0245.1 d\u0027IBM",
      "url": "http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2003.0245.1"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.