CVE-2006-4600 | Vulnerability Database | Aqua Security

slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN).

Affected Software

Name	Vendor	Start Version	End Version
Openldap	Openldap	2.0.20 (including)	2.0.20 (including)
Openldap	Openldap	2.0.21 (including)	2.0.21 (including)
Openldap	Openldap	2.0.22 (including)	2.0.22 (including)
Openldap	Openldap	2.0.23 (including)	2.0.23 (including)
Openldap	Openldap	2.0.24 (including)	2.0.24 (including)
Red Hat Enterprise Linux 3	RedHat	openldap-0:2.0.27-23	*
Red Hat Enterprise Linux 4	RedHat	openldap-0:2.2.13-7.4E	*

References

ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
http://secunia.com/advisories/21721
http://secunia.com/advisories/22219
http://secunia.com/advisories/22273
http://secunia.com/advisories/22300
http://secunia.com/advisories/25098
http://secunia.com/advisories/25628
http://secunia.com/advisories/25676
http://secunia.com/advisories/25894
http://secunia.com/advisories/26909
http://secunia.com/advisories/27706
http://security.gentoo.org/glsa/glsa-200711-23.xml
http://securitytracker.com/id?1016783
http://support.avaya.com/elmodocs2/security/ASA-2007-232.htm
http://www.mandriva.com/security/advisories?name=MDKSA-2006:171
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4587
http://www.openldap.org/lists/openldap-announce/200608/msg00000.html
http://www.openldap.org/software/release/changes.html
http://www.redhat.com/support/errata/RHSA-2007-0310.html
http://www.redhat.com/support/errata/RHSA-2007-0430.html
http://www.securityfocus.com/archive/1/447395/100/200/threaded
http://www.securityfocus.com/bid/19832
http://www.trustix.org/errata/2006/0055
http://www.vupen.com/english/advisories/2007/2186
http://www.vupen.com/english/advisories/2007/3229
https://exchange.xforce.ibmcloud.com/vulnerabilities/28772
https://issues.rpath.com/browse/RPL-667
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9618
ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
http://secunia.com/advisories/21721
http://secunia.com/advisories/22219
http://secunia.com/advisories/22273
http://secunia.com/advisories/22300
http://secunia.com/advisories/25098
http://secunia.com/advisories/25628
http://secunia.com/advisories/25676
http://secunia.com/advisories/25894
http://secunia.com/advisories/26909
http://secunia.com/advisories/27706
http://security.gentoo.org/glsa/glsa-200711-23.xml
http://securitytracker.com/id?1016783
http://support.avaya.com/elmodocs2/security/ASA-2007-232.htm
http://www.mandriva.com/security/advisories?name=MDKSA-2006:171
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4587
http://www.openldap.org/lists/openldap-announce/200608/msg00000.html
http://www.openldap.org/software/release/changes.html
http://www.redhat.com/support/errata/RHSA-2007-0310.html
http://www.redhat.com/support/errata/RHSA-2007-0430.html
http://www.securityfocus.com/archive/1/447395/100/200/threaded
http://www.securityfocus.com/bid/19832
http://www.trustix.org/errata/2006/0055
http://www.vupen.com/english/advisories/2007/2186
http://www.vupen.com/english/advisories/2007/3229
https://exchange.xforce.ibmcloud.com/vulnerabilities/28772
https://issues.rpath.com/browse/RPL-667
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9618

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-4600
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html