PT-2007-1033 · None · Ldap Account Manager

Published: 2007-04-03 · Updated: 2008-09-05 · CVE-2006-7191

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: LDAP Account Manager versions prior to 1.0.0
Description: The issue concerns an untrusted search path vulnerability in the lamdaemon.pl script of LDAP Account Manager. This vulnerability allows local users to gain privileges by modifying the PATH environment variable to point to a malicious program, such as a modified rm program. Additionally, there are multiple vulnerabilities in the ldap-account-manager package that can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited by a local attacker.
Recommendations: For versions prior to 1.0.0, update to version 1.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the lamdaemon.pl script and ensuring that the PATH environment variable is properly set to prevent malicious program execution.
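
The workaround above (a fixed PATH for a privileged script), sketched in Perl as an added example. It is not code from lamdaemon.pl or the LDAP Account Manager project; the allowlist, the tool paths and the function names are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Constructed illustration; not code from lamdaemon.pl or LDAP Account Manager.
use strict;
use warnings;

# Hypothetical allowlist: each external program is pinned to an absolute path,
# so the caller's PATH is never searched.
my %ALLOWED = (rm => '/bin/rm', mkdir => '/bin/mkdir');

# Replace the inherited environment values a shell or exec would consult
# (the same variables perlsec tells taint-mode scripts to reset).
sub scrub_env {
    $ENV{PATH} = '/usr/sbin:/usr/bin:/sbin:/bin';
    delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
    return;
}

# List PATH entries where a local user could plant a program: empty or
# relative entries, and directories writable by group or other.
sub risky_path_entries {
    my ($path) = @_;
    my @risky;
    for my $dir (split /:/, $path, -1) {
        if ($dir !~ m{^/}) { push @risky, "relative entry '$dir'"; next; }
        my @st = stat $dir or next;    # skip directories that do not exist
        push @risky, "group/other-writable: $dir" if $st[2] & 0022;
    }
    return @risky;
}

# Run an allowlisted tool by absolute path with a scrubbed environment.
sub run_tool {
    my ($name, @args) = @_;
    my $bin = $ALLOWED{$name} or die "tool '$name' is not allowlisted\n";
    scrub_env();
    # Indirect-object system() execs $bin directly: no shell, no PATH lookup.
    system { $bin } $bin, @args;
    return $? == -1 ? 127 : $? >> 8;
}

# Constructed sample: a PATH as a local user might pass it to the helper.
my $caller_path = '/tmp:.:/usr/bin:/bin';
print "caller PATH -> $_\n" for risky_path_entries($caller_path);
scrub_env();
my @left = risky_path_entries($ENV{PATH});
printf "scrubbed PATH -> %d risky entries\n", scalar @left;
eval { run_tool('sh', '-c', 'id'); 1 } or print "rejected: $@";
```

Running the script with Perl's taint mode (`-T`) enforces the same rule: Perl refuses to start an external command until `$ENV{PATH}` has been set explicitly.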

Fix


Related Identifiers

BDU:2015-03034
CVE-2006-7191
DSA-1287-1

Affected Products

Ldap Account Manager