CVE-2006-7191 — External Control of Critical State Data in Ldap-account-manager

CWE-642 — External Control of Critical State Data5 documents5 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 79.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Ldap-account-manager Ldap Account Manager

Timeline

PublishedApr 3

Latest updateMay 1

Description

Untrusted search path vulnerability in lamdaemon.pl in LDAP Account Manager (LAM) before 1.0.0 allows local users to gain privileges via a modified PATH that points to a malicious rm program.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶debiandebian/ldap-account-manager< ldap-account-manager 1.0.0-1 (bookworm)

▶NVDldap_account_manager/ldap_account_manager1.0_rc2

🔴Vulnerability Details

GHSA

GHSA-956h-rg8g-q33w: Untrusted search path vulnerability in lamdaemon↗2022-05-01

▶

OSV

CVE-2006-7191: Untrusted search path vulnerability in lamdaemon↗2007-04-03

▶

📋Vendor Advisories

Debian

CVE-2006-7191: ldap-account-manager - Untrusted search path vulnerability in lamdaemon.pl in LDAP Account Manager (LAM...↗2006

▶

📐Framework References

CWE

External Control of Critical State Data↗

▶