Red Hat Bugzilla – Bug 205827
CVE-2006-4600 openldap improper selfwrite access
Last modified: 2007-11-30 17:11:42 EST
openldap improper selfwrite access
The way openldap handles selfwrite access is broken. Users with
selfwrite access should only be able to add/remove their own DN to the
target, but via this bug any DN may be modified.
This was fixed upstream in version 2.3.25
A reproducer can be found here:
openldap-2.3.30-2.fc5 has been pushed for fc5, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.