CVE-2014-9713
Published: 1 April 2015
The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors.
Notes
Author | Note |
---|---|
mdeslaur | debian/ubuntu specific issue can't automatically fix this for existing installations. |
Priority
Status
Package | Release | Status |
---|---|---|
openldap Launchpad, Ubuntu, Debian |
lucid |
Not vulnerable
|
precise |
Released
(2.4.28-1.1ubuntu4.6)
|
|
trusty |
Released
(2.4.31-1+nmu2ubuntu8.2)
|
|
upstream |
Released
(2.4.40-2)
|
|
utopic |
Ignored
(end of life)
|
|
vivid |
Released
(2.4.31-1+nmu2ubuntu12.3)
|
|
Patches: vendor: http://anonscm.debian.org/cgit/pkg-openldap/openldap.git/commit/?id=1d124f25f57c5f0dcbe935e1ea796e767e2603bd vendor: http://anonscm.debian.org/cgit/pkg-openldap/openldap.git/commit/?id=1868c7d3e2efc0500585d20dd7b771ace9d4aca9 |