Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0336Mandrake Linux vulnerability

6 documents6 sources
Severity
2.1LOWNVD
EPSS
0.1%
top 71.27%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
4
Mandrakesoft Mandrake LinuxOpenldapRedhat Linux+1 more
Timeline
PublishedApr 21
Latest updateMay 3

Description

Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages4 packages

NVDredhat/linux6.1, 6.2+1
NVDopenldap/openldap4 versions+3
NVDturbolinux/turbolinux4.2, 4.4, 6.0.2+2

Patches

Patch: ftp.calderasystems.comPatch: ftp.calderasystems.com

🔴Vulnerability Details

2
GHSA
GHSA-7rcw-76jx-qx7m: Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack2022-05-03
CVEList
CVE-2000-0336: Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack2000-07-12

💥Exploits & PoCs

1
Exploit-DB
OpenLDAP 1.2.7/1.2.8/1.2.9/1.2.10 - '/usr/tmp/' Symlink2000-04-21

📋Vendor Advisories

1
Red Hat
security flaw2000-04-13

💬Community

1
Bugzilla
CVE-2000-0336 security flaw2018-08-16
CVE-2000-0336 — Mandrake Linux vulnerability | cvebase