OpenLDAP 'ud' Group Writable Vulnerability

BID:1511

Info

Bugtraq ID: 1511
Class: Unknown
CVE: CVE-2000-0748
Remote: No
Local: Yes
Published: Jul 27 2000 12:00AM
Updated: Jul 11 2009 02:56AM
Credit: Posted to BugTraq on July 26, 2000 by Christian Kleinewaechter <[email protected]>.
Vulnerable: OpenLDAP OpenLDAP 1.2.11
- Debian Linux 2.2 sparc
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 arm
- Debian Linux 2.2 alpha
- Debian Linux 2.2 68k
- Debian Linux 2.2
+ Redhat Linux 7.0 i386
+ Redhat Linux 7.0
OpenLDAP OpenLDAP 1.2.10
OpenLDAP OpenLDAP 1.2.9
+ Redhat Linux 6.2 i386
+ Redhat Linux 6.2
OpenLDAP OpenLDAP 1.2.8
OpenLDAP OpenLDAP 1.2.7
Not Vulnerable: SuSE Linux 7.0
Redhat Linux 6.2 sparc
Redhat Linux 6.2 i386
Redhat Linux 6.2 alpha

Discussion

The "Interactive LDAP Directory Server query program", ud, which ships with OpenLDAP, is installed with mode 775 by default, which leaves the binary writable by its owning group. Depending on the group it is installed as, this could present a security issue and possibly be used to elevate privileges.

Exploit / POC

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Solution:
Change the permissions for 'ud' to 755.

In the Makefile, replace the line:
$(LTINSTALL) $(INSTALLFLAGS) -m 775 ud $(bindir)
with
$(LTINSTALL) $(INSTALLFLAGS) -m 755 ud $(bindir)
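
An added example, not part of the original advisory or of OpenLDAP: a shell check that lists executables in a directory that are writable by group or other, and clears those bits (the 775 to 755 change described above). The function names are hypothetical, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: audit an install directory for executables that group or
# other can write, which is the condition this advisory describes for 'ud'.

# Print "MODE GROUP PATH" for every regular, owner-executable file in DIR
# that has the group-write or other-write bit set (for example mode 775).
audit_writable_bins() {
    dir=$1
    find "$dir" -type f -perm -100 \( -perm -020 -o -perm -002 \) \
        -exec stat -c '%a %G %n' {} +
}

# Clear the group/other write bits on the files the audit reports
# (775 becomes 755). Returns non-zero if any such file remains.
harden_bins() {
    dir=$1
    find "$dir" -type f -perm -100 \( -perm -020 -o -perm -002 \) \
        -exec chmod go-w {} +
    [ -z "$(audit_writable_bins "$dir")" ]
}

# Stand-alone use: pass the directory to audit, e.g. the $(bindir) used
# by the Makefile. With no argument the script only defines the functions.
if [ "$#" -gt 0 ]; then
    audit_writable_bins "$1"
fi
```

The owning group printed in the second column is the one to review: every member of it can replace the binary until the mode is corrected.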
