February 12, 2002

Mandrake: 'openldap' privilege violation

Author: JT Smith

Posted at LinuxSecurity.com: A problem exists in all versions of OpenLDAP from 2.0.0 through 2.0.19
where permissions are not properly checked using access control lists
when a user tries to remove an attribute from an object in the
directory by replacing its values with an empty list. Schema checking
is still enforced, so a user can only remove attributes that the schema
does not require the object to possess.

