fkie_nvd - fkie_cve-2000-0336

fkie_cve-2000-0336

Vulnerability from fkie_nvd

Published

2000-04-21 04:00

Modified

2025-04-03 01:03

Severity ?

Summary

Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack.

References

URL	Tags
cve@mitre.org	ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-009.0.txt	Patch, Vendor Advisory
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2000-012.html
cve@mitre.org	http://www.securityfocus.com/bid/1232
cve@mitre.org	http://www.turbolinux.com/pipermail/tl-security-announce/2000-May/000009.html
af854a3a-2127-422b-91ae-364da2661108	ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-009.0.txt	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2000-012.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/1232
af854a3a-2127-422b-91ae-364da2661108	http://www.turbolinux.com/pipermail/tl-security-announce/2000-May/000009.html

Impacted products

Vendor	Product	Version
openldap	openldap	1.2.7
openldap	openldap	1.2.8
openldap	openldap	1.2.9
openldap	openldap	1.2.10
mandrakesoft	mandrake_linux	6.1
mandrakesoft	mandrake_linux	7.0
redhat	linux	6.1
redhat	linux	6.1
redhat	linux	6.1
redhat	linux	6.2
redhat	linux	6.2
redhat	linux	6.2
turbolinux	turbolinux	4.2
turbolinux	turbolinux	4.4
turbolinux	turbolinux	6.0.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openldap:openldap:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC07AD0D-5DF9-41A4-8592-CEFF1842355D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "30017C56-42A9-4AF9-B5B3-7357E424F837",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:1.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8A51F38-3F5A-4F6D-93EE-776B5C2FF48F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:1.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DBEC27E-3220-42CE-B6CC-675F387CB506",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACAAD334-2CA7-4B3B-BA25-302E7610BC2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4853E92-5E0A-47B9-A343-D5BEE87D2C27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:6.1:*:alpha:*:*:*:*:*",
              "matchCriteriaId": "C89454B9-4F45-4A42-A06D-ED42D893C544",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:6.1:*:i386:*:*:*:*:*",
              "matchCriteriaId": "B72D6205-DFA4-41D9-B3B6-0B7DA756CD8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:6.1:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "1E64093E-7D53-4238-95C3-48ED5A0FFD97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:6.2:*:alpha:*:*:*:*:*",
              "matchCriteriaId": "344610A8-DB6D-4407-9304-916C419F648C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:6.2:*:i386:*:*:*:*:*",
              "matchCriteriaId": "B7EC2B95-4715-4EC9-A10A-2542501F8A61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:6.2:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "64775BEF-2E53-43CA-8639-A7E54F6F4222",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:turbolinux:turbolinux:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D15A193-3E01-467C-AEAD-497F4600DB06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:turbolinux:turbolinux:4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7C765FF-0A3D-4BF4-B236-609658776ACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:turbolinux:turbolinux:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6619B49-8A89-4600-A47F-A39C8BF54259",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack."
    }
  ],
  "id": "CVE-2000-0336",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2000-04-21T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-009.0.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2000-012.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/1232"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.turbolinux.com/pipermail/tl-security-announce/2000-May/000009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-009.0.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2000-012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/1232"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.turbolinux.com/pipermail/tl-security-announce/2000-May/000009.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2000-0336 (GCVE-0-2000-0336)

Vulnerability from cvelistv5

Published

2000-07-12 04:00