FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

openldap -- slapd acl selfwrite Security Issue

Affected packages
openldap-sasl-server < 2.3.25
openldap-server < 2.3.25

Details

VuXML ID ae7124ff-547c-11db-8f1a-000a48049292
Discovery 2006-06-14
Entry 2006-10-05

Howard Chu reports:

An ACL of the form 'access to dn.subtree="ou=groups, dc=example,dc=com" attr=member by * selfwrite' is intended to only allow users to add/delete their own DN to the target attribute. Currently it allows any DNs to be modified.
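The following is an added example, not part of the report and not OpenLDAP code: a small Python model of the intended selfwrite rule, used to audit constructed change records for member modifications the rule should have refused. The function names, the record layout, the simplified DN normalization, and the refusal of replace and empty-delete operations are assumptions of this sketch.

```python
# Added illustration, not OpenLDAP code. All function names are hypothetical.
BASE = "ou=groups,dc=example,dc=com"   # subtree from the ACL in the report

def norm_dn(dn):
    # Simplified normalization (assumption): trim and lowercase each RDN.
    # Does not handle RFC 4514 escaped commas or multi-valued RDNs.
    return ",".join(p.strip().lower() for p in dn.split(","))

def in_subtree(dn, base=BASE):
    d, b = norm_dn(dn), norm_dn(base)
    return d == b or d.endswith("," + b)

def selfwrite_permits(bound_dn, op, values):
    # Intended rule: only add/delete, and every value is the requester's own DN.
    # An empty delete removes every value of the attribute, so it is refused.
    if op not in ("add", "delete") or not values:
        return False
    me = norm_dn(bound_dn)
    return all(norm_dn(v) == me for v in values)

def audit(changes):
    # Changes to 'member' under BASE that the intended rule would have refused.
    return [c for c in changes
            if in_subtree(c["target"]) and c["attr"].lower() == "member"
            and not selfwrite_permits(c["requester"], c["op"], c["values"])]

# Constructed sample records, not real log data.
ALICE = "uid=alice,ou=people,dc=example,dc=com"
BOB = "uid=bob,ou=people,dc=example,dc=com"
STAFF = "cn=staff,ou=groups,dc=example,dc=com"
ADMINS = "cn=admins, ou=groups, dc=example,dc=com"
SAMPLE = [
    {"requester": ALICE, "target": STAFF, "attr": "member", "op": "add", "values": [ALICE]},
    {"requester": BOB, "target": STAFF, "attr": "member", "op": "delete",
     "values": ["UID=Bob, ou=People,dc=example,dc=com"]},
    {"requester": BOB, "target": ADMINS, "attr": "member", "op": "add", "values": [ALICE]},
    {"requester": ALICE, "target": ADMINS, "attr": "member", "op": "add", "values": [ALICE, BOB]},
    {"requester": ALICE, "target": STAFF, "attr": "member", "op": "delete", "values": []},
    {"requester": BOB, "target": "cn=staff,ou=other,dc=example,dc=com", "attr": "member",
     "op": "add", "values": [ALICE]},
    {"requester": ALICE, "target": STAFF, "attr": "description", "op": "replace", "values": ["x"]},
]

if __name__ == "__main__":
    for c in audit(SAMPLE):
        print(c["requester"], c["op"], c["target"], c["values"])
```

Records flagged by `audit` are candidates for review on servers that ran an affected version with such an ACL in place.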

References

Bugtraq ID 19832
CVE Name CVE-2006-4600
URL http://secunia.com/advisories/21721
URL http://securitytracker.com/alerts/2006/Sep/1016783.html
URL http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4587
URL http://www.openldap.org/lists/openldap-announce/200608/msg00000.html