CVE-2016-9167 - OpenCVE

NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would otherwise be filtered by an ACL.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Novell	Edirectory

Configuration 1 [-]

cpe:2.3:a:novell:edirectory:*:hotfix2:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/97315
https://www.novell.com/support/kb/doc.php?id=7016794

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: microfocus

Published: 2017-03-23T06:36:00

Updated: 2021-01-06T16:15:52

Reserved: 2016-11-03T00:00:00

Link: CVE-2016-9167

JSON object: View

NVD Information

Status : Modified

Published: 2017-03-23T06:59:00.563

Modified: 2023-11-07T02:36:48.227

Link: CVE-2016-9167

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "Novell eDirectory", "vendor": "n/a", "versions": [{"status": "affected", "version": "Novell eDirectory"}]}], "datePublic": "2017-03-23T00:00:00", "descriptions": [{"lang": "en", "value": "NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would otherwise be filtered by an ACL."}], "problemTypes": [{"descriptions": [{"description": "privilege escalation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-06T16:15:52", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.novell.com/support/kb/doc.php?id=7016794"}, {"name": "97315", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/97315"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@microfocus.com", "ID": "CVE-2016-9167", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Novell eDirectory", "version": {"version_data": [{"version_value": "Novell eDirectory"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would otherwise be filtered by an ACL."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "privilege escalation"}]}]}, "references": {"reference_data": [{"name": "https://www.novell.com/support/kb/doc.php?id=7016794", "refsource": "CONFIRM", "url": "https://www.novell.com/support/kb/doc.php?id=7016794"}, {"name": "97315", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97315"}]}}}}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2016-9167", "datePublished": "2017-03-23T06:36:00", "dateReserved": "2016-11-03T00:00:00", "dateUpdated": "2021-01-06T16:15:52", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:novell:edirectory:*:hotfix2:*:*:*:*:*:*", "matchCriteriaId": "D55F5A25-28B0-425B-81D3-70B76D43635E", "versionEndIncluding": "9.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would otherwise be filtered by an ACL."}, {"lang": "es", "value": "NDSD en Novell eDirectory en versiones anteriores a 9.0.2 no calcul\u00f3 correctamente ACLs en objetos LDAP a trav\u00e9s de l\u00edmites de partici\u00f3n, lo que podr\u00eda provocar una escalada de privilegios por la modificaci\u00f3n de los atributos de usuario lo que podr\u00eda conducir a una escalada de privilegios modificando atributos de usuario que de otro modo ser\u00edan filtrados por una ACL."}], "id": "CVE-2016-9167", "lastModified": "2023-11-07T02:36:48.227", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-23T06:59:00.563", "references": [{"source": "security@opentext.com", "url": "http://www.securityfocus.com/bid/97315"}, {"source": "security@opentext.com", "url": "https://www.novell.com/support/kb/doc.php?id=7016794"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}