LDAP Account Manager Modified Path Local Privilege Escalation Vulnerability

Bugtraq ID:	23857
Class:	Design Error
CVE:	CVE-2006-7191
Remote:	No
Local:	Yes
Published:	May 07 2007 12:00AM
Updated:	May 16 2007 10:28PM
Credit:	Tim Rice is credited with the discovery of this vulnerability.
Vulnerable:	LAM LDAP Account Manager 1.0rc2 LAM LDAP Account Manager 1.0 rc1 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1
Not Vulnerable:	LAM LDAP Account Manager 1.0

LDAP Account Manager Modified Path Local Privilege Escalation Vulnerability

LDAP Account Manager is prone to a local privilege-escalation vulnerability.

A local attacker may execute arbitrary code with superuser privileges. This may facilitate a complete compromise of the affected computer.

Versions prior to 1.0.0 are reported vulnerable to this issue.

LDAP Account Manager Modified Path Local Privilege Escalation Vulnerability

Attackers can use the vulnerable application itself to exploit this issue.

LDAP Account Manager Modified Path Local Privilege Escalation Vulnerability

Solution:
The vendor has addressed this issue in version 1.0.0 and later. Contact the vendor for details on obtaining the appropriate updates.

LDAP Account Manager Modified Path Local Privilege Escalation Vulnerability

References:

• Diff of /lam/lib/lamdaemon.pl (LAM)
  
• LAM Changelog (LAM)
  
• LDAP Account Manager Homepage (Roland Gruber Softwareentwicklung)