CVE-2003-0174

CRITICAL

9.8

Description

The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to log in without a password.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie5/12/2003

Derniere modification4/16/2026

Sourcenvd

Observations honeypot0

Produits affectes

sgi:irix

Faiblesses (CWE)

CWE-346

References

ftp://patches.sgi.com/support/free/security/advisories/20030407-01-P(cve@mitre.org)

http://www.ciac.org/ciac/bulletins/n-084.shtml(cve@mitre.org)

http://www.securityfocus.com/bid/7442(cve@mitre.org)

https://exchange.xforce.ibmcloud.com/vulnerabilities/11860(cve@mitre.org)

ftp://patches.sgi.com/support/free/security/advisories/20030407-01-P(af854a3a-2127-422b-91ae-364da2661108)

http://www.ciac.org/ciac/bulletins/n-084.shtml(af854a3a-2127-422b-91ae-364da2661108)

http://www.securityfocus.com/bid/7442(af854a3a-2127-422b-91ae-364da2661108)

https://exchange.xforce.ibmcloud.com/vulnerabilities/11860(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.