CVE-2003-0174

CRITICAL

9.8

Beschreibung

The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to log in without a password.

CVE Details

CVSS v3.1 Bewertung9.8

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht5/12/2003

Zuletzt geandert4/16/2026

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

sgi:irix

Schwachen (CWE)

CWE-346

Referenzen

ftp://patches.sgi.com/support/free/security/advisories/20030407-01-P(cve@mitre.org)

http://www.ciac.org/ciac/bulletins/n-084.shtml(cve@mitre.org)

http://www.securityfocus.com/bid/7442(cve@mitre.org)

https://exchange.xforce.ibmcloud.com/vulnerabilities/11860(cve@mitre.org)

ftp://patches.sgi.com/support/free/security/advisories/20030407-01-P(af854a3a-2127-422b-91ae-364da2661108)

http://www.ciac.org/ciac/bulletins/n-084.shtml(af854a3a-2127-422b-91ae-364da2661108)

http://www.securityfocus.com/bid/7442(af854a3a-2127-422b-91ae-364da2661108)

https://exchange.xforce.ibmcloud.com/vulnerabilities/11860(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.