PT-2003-2532 · Openldap · Openldap2 +8

Published: 1970-01-01 · Updated: 2008-09-10 · CVE-2002-1508

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

OpenLDAP versions 2.2.0 and earlier
OpenLDAP2 versions 2.2.0 and earlier
openldap-devel version 2.0.27
openldap-clients versions 1.2.13 and 2.0.27
openldap-servers versions 1.2.13 and 2.0.27
libldap2 (affected versions not specified)
ldap-gateways (affected versions not specified)
openldap12-1.2.13
openldap-1.2.13
openldap-2.0.27

Description

The issue involves multiple vulnerabilities in OpenLDAP packages that can compromise the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. A specific vulnerability in slapd of OpenLDAP2 allows local users to overwrite arbitrary files via a race condition during the creation of a log file for rejected replication requests.

Recommendations

OpenLDAP versions 2.2.0 and earlier: update to a version later than 2.2.0.
openldap-devel version 2.0.27: update to a version later than 2.0.27.
openldap-clients versions 1.2.13 and 2.0.27: update to versions later than 1.2.13 and 2.0.27 respectively.
openldap-servers versions 1.2.13 and 2.0.27: update to versions later than 1.2.13 and 2.0.27 respectively.
libldap2, ldap-gateways, openldap12-1.2.13, openldap-1.2.13, and openldap-2.0.27: at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

BDU:2015-03158
BDU:2015-03159
BDU:2015-08174
BDU:2015-08175
BDU:2015-08176
BDU:2015-08177
BDU:2015-08178
BDU:2015-08179
BDU:2015-08180
BDU:2015-08181
BDU:2015-08182
CVE-2002-1508
DSA-227

Affected Products

Openldap
Openldap2
Ldap-Gateways
Libldap2
Openldap-Clients
Openldap-Devel
Openldap-Servers
Openldap12
Slapd