PT-2005-1097 · Openldap · Openldap

Published 2005-12-15 · Updated 2008-09-05 · CVE-2005-4442

CVSS v2.0: 7.2 High

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

OpenLDAP versions prior to 2.2.28-r3

Description

The issue is an untrusted search path vulnerability in OpenLDAP that local users in the portage group can exploit to gain privileges. They do so by placing a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. Multiple vulnerabilities in the OpenLDAP package can lead to breaches of confidentiality, integrity, and availability of protected information, and these can be exploited locally.

Recommendations

For OpenLDAP versions prior to 2.2.28-r3, update to version 2.2.28-r3 or later to resolve the issue. As a temporary workaround, consider restricting access to the Portage temporary build directory to minimize the risk of exploitation.
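To check whether an installed binary still carries a RUNPATH or RPATH element that points into a build directory, the following added example (not part of the original advisory or of OpenLDAP) parses `readelf -d` output and flags such elements. The prefix /var/tmp/portage is an assumed location for the Portage temporary build directory, and the sample output and function names are constructed for illustration.

```python
import os
import re

# Assumed location of the Portage temporary build directory (not given on the page).
BUILD_TMP = "/var/tmp/portage"

# RPATH/RUNPATH rows as printed by `readelf -d <file>`.
_ROW = re.compile(r"\((RPATH|RUNPATH)\)\s+Library r(?:un)?path: \[(.*)\]")

# Constructed sample output; the paths are illustrative only.
SAMPLE_READELF = """\
Dynamic section at offset 0x2d90 contains 27 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libldap.so.2]
 0x000000000000001d (RUNPATH)            Library runpath: [/usr/lib:/var/tmp/portage/example-build/work/libs:../lib]
"""

def search_path_entries(readelf_output):
    """Return (tag, directory) pairs for every RPATH/RUNPATH element."""
    pairs = []
    for line in readelf_output.splitlines():
        m = _ROW.search(line)
        if m:
            pairs.extend((m.group(1), d) for d in m.group(2).split(":"))
    return pairs

def risky_entries(readelf_output, untrusted_prefixes):
    """Flag elements that are not absolute or sit under an untrusted prefix."""
    findings = []
    for tag, d in search_path_entries(readelf_output):
        if d.startswith("$ORIGIN") or d.startswith("${ORIGIN}"):
            continue  # resolved relative to the object itself; not assessed here
        if not os.path.isabs(d):
            findings.append((tag, d, "not an absolute path"))
            continue
        norm = os.path.normpath(d)
        for prefix in map(os.path.normpath, untrusted_prefixes):
            # Compare whole path components so /var/tmp/portage-x does not match.
            if norm == prefix or norm.startswith(prefix + os.sep):
                findings.append((tag, d, "under " + prefix))
                break
    return findings

if __name__ == "__main__":
    for tag, d, why in risky_entries(SAMPLE_READELF, [BUILD_TMP]):
        print(f"{tag}: {d!r} ({why})")
```

On a real system, feed the function the text produced by `readelf -d` for each installed binary or shared object and pass every directory that unprivileged users can write to as an untrusted prefix.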

Fix


Related Identifiers

BDU:2015-09493
CVE-2005-4442

Affected Products

Openldap