PT-2008-3818 · Openldap Foundation+1 · Openldap+1

Published

2008-09-16

Updated

2017-08-08

CVE-2008-2330

CVSS v2.0

4.9

Medium

Vector

AV:L/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Mac OS X versions 10.5 through 10.5.4

Description: The issue is related to an insecure file operation in the slapconfig component of Directory Services, allowing local users to select a readable output file into which the server password will be written by an OpenLDAP system administrator. This is due to the use of the mkfifo function.

Recommendations: For Mac OS X versions 10.5 through 10.5.4, consider restricting access to the slapconfig component until a fix is available, and avoid using the mkfifo function in sensitive operations. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2008-2330

Affected Products

Macos X

Openldap

PT-2008-3818 · Openldap Foundation+1 · Openldap+1

CVE-2008-2330

Weakness Enumeration

Related Identifiers

Affected Products

References · 8