CVE-2024-23333
published 2024-03-18CVE-2024-23333: LDAP Account Manager (LAM) is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log…
PriorityP350medium6.6CVSS 3.1
AVNACHPRHUINSUCHIHAH
EPSS
17.87%
96.8th percentile
LDAP Account Manager (LAM) is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When the file is then accessed via web the code would be executed. The issue is mitigated by the following: An attacker needs to know LAM's master configuration password to be able to change the main settings; and the webserver needs write access to a directory that is accessible via web. LAM itself does not provide any such directories. The issue has been fixed in 8.7. As a workaround, limit access to LAM configuration pages to authorized users.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ldap-account-manager | < ldap-account-manager 8.7-1 (forky) | ldap-account-manager 8.7-1 (forky) |
| debian | ldap-account-manager | < ldap-account-manager 9.0-1 (forky) | ldap-account-manager 9.0-1 (forky) |
| ldap-account-manager | ldap_account_manager | < 8.7 | 8.7 |
| ldapaccountmanager | lam | < 9.0 | 9.0 |
CVSS provenance
nvdv3.16.6MEDIUMCVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
osv6.6MEDIUM
vendor_debian7.9HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2024-23333: ldap-account-manager - LDAP Account Manager (LAM) is a webfrontend for managing entries stored in an LD...
vendor_debian·2024·CVSS 7.9
CVE-2024-23333 [HIGH] CVE-2024-23333: ldap-account-manager - LDAP Account Manager (LAM) is a webfrontend for managing entries stored in an LD...
LDAP Account Manager (LAM) is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When the file is then accessed via web the code would be executed. The issue is mitigated by the following: An attacker needs to know LAM's master configuration password to be able to change the main settings; and the webserver needs write access to a directory that is accessible via web. LAM itself does not provide any such directories. The issue has been fixed in 8.7. As a workaround, limit access to LAM configuration pages to authorized users.
Scope: local
bookworm: open
bullseye: open
forky: resolve
Debian
CVE-2024-52792: ldap-account-manager - LDAP Account Manager (LAM) is a php webfrontend for managing entries (e.g. users...
vendor_debian·2024·CVSS 7.9
CVE-2024-52792 [HIGH] CVE-2024-52792: ldap-account-manager - LDAP Account Manager (LAM) is a php webfrontend for managing entries (e.g. users...
LDAP Account Manager (LAM) is a php webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In affected versions LAM does not properly sanitize configuration values, that are set via `mainmanage.php` and `confmain.php`. This allows setting arbitrary config values and thus effectively bypassing `mitigation` of CVE-2024-23333/GHSA-fm9w-7m7v-wxqv. Configuration values for the main config or server profiles are set via `mainmanage.php` and `confmain.php`. The values are written to `config.cfg` or `serverprofile.conf` in the format of `settingsName: settingsValue` line-by-line. An attacker can smuggle arbitrary config values in a config file, by inserting a newline into certain config fields, followed by the value. This vulnerability has been addressed
OSV
CVE-2024-52792: LDAP Account Manager (LAM) is a php webfrontend for managing entries (e
osv·2024-12-17·CVSS 6.6
CVE-2024-52792 [MEDIUM] CVE-2024-52792: LDAP Account Manager (LAM) is a php webfrontend for managing entries (e
LDAP Account Manager (LAM) is a php webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In affected versions LAM does not properly sanitize configuration values, that are set via `mainmanage.php` and `confmain.php`. This allows setting arbitrary config values and thus effectively bypassing `mitigation` of CVE-2024-23333/GHSA-fm9w-7m7v-wxqv. Configuration values for the main config or server profiles are set via `mainmanage.php` and `confmain.php`. The values are written to `config.cfg` or `serverprofile.conf` in the format of `settingsName: settingsValue` line-by-line. An attacker can smuggle arbitrary config values in a config file, by inserting a newline into certain config fields, followed by the value. This vulnerability has been addressed
OSV
CVE-2024-23333: LDAP Account Manager (LAM) is a webfrontend for managing entries stored in an LDAP directory
osv·2024-03-18·CVSS 6.6
CVE-2024-23333 [MEDIUM] CVE-2024-23333: LDAP Account Manager (LAM) is a webfrontend for managing entries stored in an LDAP directory
LDAP Account Manager (LAM) is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When the file is then accessed via web the code would be executed. The issue is mitigated by the following: An attacker needs to know LAM's master configuration password to be able to change the main settings; and the webserver needs write access to a directory that is accessible via web. LAM itself does not provide any such directories. The issue has been fixed in 8.7. As a workaround, limit access to LAM configuration pages to authorized users.
Suricata
ET WEB_SPECIFIC_APPS Contec SolarView Compact downloader.php Command Injection Attempt (CVE-2023-23333)
suricata·2024-03-15·CVSS 9.8
CVE-2023-23333 [CRITICAL] ET WEB_SPECIFIC_APPS Contec SolarView Compact downloader.php Command Injection Attempt (CVE-2023-23333)
ET WEB_SPECIFIC_APPS Contec SolarView Compact downloader.php Command Injection Attempt (CVE-2023-23333)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Contec SolarView Compact downloader.php Command Injection Attempt (CVE-2023-23333)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/downloader.php?file|3d 3b|"; fast_pattern; startswith; reference:url,attackerkb.com/topics/kE3lzTZGV2/cve-2023-23333; reference:cve,2023-23333; classtype:attempted-admin; sid:2051668; rev:1; metadata:affected_product CONTEC_SolvarView, attack_target Networking_Equipment, tls_state plaintext, created_at 2024_03_15, cve CVE_2023_23333, deployment Perimeter, performance_impact Low, confidence High, signature_severity Major, updated_at 2024_03_15, mitre_tactic_id T
No public exploits indexed.
No writeups or analysis indexed.
2024-03-18
Published