CVE-2003-0174

CWE-3463 documents3 sources
Severity
9.8CRITICAL
EPSS
0.4%
top 41.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SGI Irix
Timeline
PublishedMay 12
Latest updateMay 3

Description

The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to log in without a password.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDsgi/irix6.5.19

Patches

Patch: patches.sgi.comPatch: www.securityfocus.comPatch: patches.sgi.com

🔴Vulnerability Details

2
GHSA
GHSA-7hxr-6x6c-cjh6: The LDAP name service (nsd) in IRIX 62022-05-03
CVEList
CVE-2003-0174: The LDAP name service (nsd) in IRIX 62003-04-29
CVE-2003-0174 (CRITICAL CVSS 9.8) | The LDAP name service (nsd) in IRIX | cvebase.io