PT-2002-3167 · Openldap · Openldap2+7

Published: 1970-01-01 · Updated: 2008-09-10 · CVE-2002-1379

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

OpenLDAP versions 1.2.13 through 2.0.27
OpenLDAP2 versions prior to 2.2.0
libldap2 (affected versions not specified)
ldap-gateways (affected versions not specified)
openldap-clients versions 1.2.13 through 2.0.27
openldap-servers versions 1.2.13 through 2.0.27
openldap-devel versions 1.2.13 through 2.0.27
openldap12 version 1.2.13

Description

The issue involves multiple vulnerabilities in OpenLDAP packages, which can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The vulnerabilities affect various components of OpenLDAP, including openldap-clients, openldap-servers, openldap-devel, and libldap2. In the case of OpenLDAP2, the vulnerability allows remote or local attackers to execute arbitrary code when libldap reads the .ldaprc file within applications running with extra privileges.

Recommendations

For OpenLDAP versions 1.2.13 through 2.0.27, update to a version later than 2.0.27.
For OpenLDAP2 versions prior to 2.2.0, update to version 2.2.0 or later.
For libldap2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For ldap-gateways, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For openldap-clients versions 1.2.13 through 2.0.27, update to a version later than 2.0.27.
For openldap-servers versions 1.2.13 through 2.0.27, update to a version later than 2.0.27.
For openldap-devel versions 1.2.13 through 2.0.27, update to a version later than 2.0.27.
For openldap12 version 1.2.13, update to a version later than 1.2.13.

Related Identifiers

BDU:2015-03158
BDU:2015-03159
BDU:2015-08174
BDU:2015-08175
BDU:2015-08176
BDU:2015-08177
BDU:2015-08178
BDU:2015-08179
BDU:2015-08180
BDU:2015-08181
BDU:2015-08182
CVE-2002-1379
DSA-227

Affected Products

Openldap
Openldap2
Ldap-Gateways
Libldap2
Openldap-Clients
Openldap-Devel
Openldap-Servers
Openldap12