The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to log in without a password.
References
Link | Resource |
---|---|
ftp://patches.sgi.com/support/free/security/advisories/20030407-01-P | Broken Link Patch Vendor Advisory |
http://www.ciac.org/ciac/bulletins/n-084.shtml | Broken Link |
http://www.securityfocus.com/bid/7442 | Broken Link Patch Third Party Advisory VDB Entry Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/11860 | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2003-04-29T04:00:00
Updated: 2017-07-10T14:57:01
Reserved: 2003-03-28T00:00:00
Link: CVE-2003-0174
JSON object: View
NVD Information
Status : Analyzed
Published: 2003-05-12T04:00:00.000
Modified: 2024-02-08T20:45:57.440
Link: CVE-2003-0174
JSON object: View
Redhat Information
No data.
CWE