PT-2005-1098 · Openldap+1 · Openldap+1

Published: 2005-12-15 · Updated: 2008-09-05 · CVE-2005-4443

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

openldap versions prior to 2.2.28-r3
Gauche versions prior to 0.8.6-r1

Description

The issue concerns multiple vulnerabilities in the openldap package and an untrusted search path vulnerability in Gauche. These vulnerabilities can be exploited locally, potentially leading to breaches of confidentiality, integrity, and availability of protected information. In the case of Gauche, local users in the portage group can gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.

Recommendations

For openldap versions prior to 2.2.28-r3, update to version 2.2.28-r3 or later to resolve the issue. For Gauche versions prior to 0.8.6-r1, update to version 0.8.6-r1 or later to address the untrusted search path vulnerability. As a temporary workaround for Gauche, consider restricting access to the Portage temporary build directory to minimize the risk of exploitation.
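
To confirm that installed binaries no longer carry the build directory in their search path, the following added example (not code from the advisory or from either project) parses `readelf -d` output and reports RPATH/RUNPATH entries that resolve inside the Portage build directory. The `/var/tmp/portage` default, the function names and the sample output are assumptions made for this illustration.

```python
import os
import re
import subprocess
import sys

# Assumption: /var/tmp/portage is the default Portage build location; the
# advisory itself only says "Portage temporary build directory".
BUILD_DIR = "/var/tmp/portage"

# Matches the RPATH/RUNPATH lines printed by `readelf -d`.
_DYN = re.compile(r"\((RPATH|RUNPATH)\)\s+Library r(?:un)?path: \[(.*)\]")

def _norm(path):
    # Collapse "//", "." and ".." so disguised spellings still match.
    return os.path.normpath("/" + path.lstrip("/"))

def risky_entries(readelf_output, build_dir=BUILD_DIR):
    """Return (tag, entry) pairs whose directory lies inside build_dir."""
    root = _norm(build_dir)
    hits = []
    for tag, value in _DYN.findall(readelf_output):
        for entry in value.split(":"):
            if not entry.startswith("/"):
                continue  # relative and $ORIGIN entries are out of scope here
            p = _norm(entry)
            if p == root or p.startswith(root + "/"):
                hits.append((tag, entry))
    return hits

def scan(paths, build_dir=BUILD_DIR):
    """Run `readelf -d` on each file and collect the risky entries."""
    report = {}
    for path in paths:
        out = subprocess.run(["readelf", "-d", path],
                             capture_output=True, text=True).stdout
        hits = risky_entries(out, build_dir)
        if hits:
            report[path] = hits
    return report

# Constructed sample of `readelf -d` output (not taken from a real binary).
SAMPLE = """ 0x0000000000000001 (NEEDED)   Shared library: [libc.so.6]
 0x000000000000001d (RUNPATH)  Library runpath: [/usr/lib:/var/tmp/portage/example-pkg/work/src]
"""

if __name__ == "__main__":
    print(scan(sys.argv[1:]) if sys.argv[1:] else risky_entries(SAMPLE))
```

Run it with the paths of installed executables and shared objects as arguments; an empty result means none of them searches the build directory.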

Fix

Related identifiers

BDU:2015-09493
CVE-2005-4443

Affected products

Gauche
Openldap