fkie_nvd - fkie_cve-2014-9713

fkie_cve-2014-9713

Vulnerability from fkie_nvd

Published

2015-04-01 14:59

Modified

2025-04-12 10:46

Severity ?

Summary

The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors.

References

URL	Tags
security@debian.org	http://www.debian.org/security/2015/dsa-3209	Vendor Advisory
security@debian.org	http://www.openwall.com/lists/oss-security/2015/03/29/2
security@debian.org	http://www.securityfocus.com/bid/73217
security@debian.org	http://www.ubuntu.com/usn/USN-2742-1
security@debian.org	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761406
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2015/dsa-3209	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/03/29/2
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/73217
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2742-1
af854a3a-2127-422b-91ae-364da2661108	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761406

Impacted products

Vendor	Product	Version
openldap	openldap	2.4.23
openldap	openldap	2.4.24
openldap	openldap	2.4.25
openldap	openldap	2.4.26
openldap	openldap	2.4.27
openldap	openldap	2.4.28
openldap	openldap	2.4.29
openldap	openldap	2.4.30
openldap	openldap	2.4.31
openldap	openldap	2.4.32
openldap	openldap	2.4.33
openldap	openldap	2.4.34
openldap	openldap	2.4.35
openldap	openldap	2.4.36
openldap	openldap	2.4.37
openldap	openldap	2.4.38
openldap	openldap	2.4.39
debian	debian_linux	7.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DE5D180-3972-40A0-ADAF-A4F3364D1381",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD76F376-00D8-4917-BF68-6EECC316C331",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7063C11-3BF5-4037-ADC3-0C7E9AF830B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAE258EA-1B57-4189-AD5A-7E2ACF223167",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "C492F5F5-A6FD-4BED-890A-79254138CC0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6F7FDE8-2E54-4162-AA5F-D81253AAC8FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "693E3145-FDDB-4780-886B-6D7FC7B2C5B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BF32056-CC6A-4B2B-8FAA-F573445B9B99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "93B99338-4A1A-4483-8308-49BCCB325C30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE652CE3-E16B-4062-8253-F3FB52A651EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A30ED6D-1DB8-4563-B131-1532F97F9694",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "7764366D-29BB-4D75-A33C-7C17DA7496DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A38D99B-370E-430A-A657-CD9FF72D0863",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB3D3034-D938-402D-A02F-3F4005C438AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7D979A0-3214-4DC6-A838-0AD2444CA5FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "25B3EF5D-7889-4206-838C-E932AFCBE15D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.39:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B20FA14-9F5B-425D-ACEF-A2348252C39A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user\u0027s permissions and other user attributes via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "La configuraci\u00f3n por defecto slapd en el paquete Debian openldap 2.4.23-3 hasta 2.4.39-1.1 permite a usuarios remotos autenticados modificar los permisos de usuarios y otros atributos de usuarios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2014-9713",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-04-01T14:59:00.067",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2015/dsa-3209"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/03/29/2"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.securityfocus.com/bid/73217"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.ubuntu.com/usn/USN-2742-1"
    },
    {
      "source": "security@debian.org",
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761406"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2015/dsa-3209"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/03/29/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/73217"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2742-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761406"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2014-9713 (GCVE-0-2014-9713)

Vulnerability from cvelistv5

Published

2015-04-01 14:00