Skip to main content

Openldap CVE-2017-14159

MEDIUM
Improper Initialization (CWE-665)
2017-09-05 cve@mitre.org
4.7
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.7 MEDIUM
AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 05, 2017 - 18:29 cve.org
MEDIUM 4.7

DescriptionCVE.org

slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill cat /pathname" command, as demonstrated by openldap-initscript.

AnalysisAI

slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this. Rated medium severity (CVSS 4.7).

Technical ContextAI

This vulnerability is classified under CWE-665. slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill cat /pathname" command, as demonstrated by openldap-initscript. Affected products include: Openldap, Oracle Blockchain Platform.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2015-6908 MEDIUM POC
5.0 Sep 11

The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a de

CVE-2015-1545 MEDIUM POC
5.0 Feb 12

The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers

CVE-2013-4449 MEDIUM
4.3 Feb 05

The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attacker

CVE-2017-9287 MEDIUM POC
6.5 May 29

servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. Rated medium severit

CVE-2022-29155 CRITICAL POC
9.8 May 04

In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql

CVE-2021-27212 HIGH POC
7.5 Feb 14

In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpd

CVE-2020-12243 HIGH POC
7.5 Apr 28

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial

CVE-2017-17740 HIGH
7.5 Dec 18

contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are ena

CVE-2015-3276 HIGH
7.5 Dec 07

The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyw

CVE-2023-2953 HIGH
7.5 May 30

A vulnerability was found in openldap. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no au

CVE-2020-25692 HIGH
7.5 Dec 08

A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming

CVE-2019-13565 HIGH
7.5 Jul 26

An issue was discovered in OpenLDAP 2.x before 2.4.48. Rated high severity (CVSS 7.5), this vulnerability is remotely ex

Share

CVE-2017-14159 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy