
List:       kroupware
Subject:    Re: [OpenPKG-SA-2004.019] OpenPKG Security Advisory (kolab)
From:       Thomas Lotterer <thl () dev ! de ! cw ! com>
Date:       2004-05-06 9:56:10
Message-ID: 20040506095610.GB78746 () dev ! de ! cw ! com

On Wed, May 05, 2004, Jon Bendtsen wrote:

Jon,

> I don't understand how serious this is. Can a remote attacker gain
> access?
> 
An attacker must be able to read your local slapd.conf first. It
contains information which would allow him to connect to OpenLDAP to
view and even modify and delete information.

Such operations can be done remotely if slapd listens on a public
interface and TCP port 389 (LDAP) or TCP port 636 (LDAPS) are
accessible. In theory, things can be worse if a host uses the same
Directory for Unix shell authorization (i.e. via PAM LDAP module) ...

--
Thomas.Lotterer@cw.com, Cable & Wireless
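
An added example, not part of the message above and not OpenPKG or Kolab code: a local check for the precondition the reply describes, a slapd.conf that other local users can read and that holds a usable credential. It assumes the sensitive item is the standard `rootpw` directive; the function names and the sample file content are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Constructed sample content; not taken from any real installation.
SAMPLE = (
    'database bdb\n'
    'suffix "dc=example,dc=org"\n'
    'rootdn "cn=manager,dc=example,dc=org"\n'
    '#rootpw old-commented-out-value\n'
    'rootpw  constructed-cleartext-secret\n'
)

# Scheme prefixes slapd accepts for a hashed rootpw value.
HASHED = re.compile(r"^\{(SSHA|SHA|SMD5|MD5|CRYPT)\}", re.IGNORECASE)

def audit_slapd_conf(path):
    """Return findings for one slapd.conf: file mode and rootpw storage."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & stat.S_IROTH:
        findings.append("world-readable")
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            fields = line.split(None, 1)
            # Commented-out directives start with '#' and never match here.
            if len(fields) == 2 and fields[0].lower() == "rootpw":
                value = fields[1].strip().strip('"')
                if not HASHED.match(value):
                    findings.append("cleartext rootpw")
    return findings

def demo():
    """Audit a constructed file before and after tightening it."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "slapd.conf")
        with open(path, "w") as fh:
            fh.write(SAMPLE)
        os.chmod(path, 0o644)
        before = audit_slapd_conf(path)
        # Mitigation: hashed rootpw (placeholder value) and owner-only mode.
        fixed = SAMPLE.replace("constructed-cleartext-secret",
                               "{SSHA}CONSTRUCTED-PLACEHOLDER-HASH")
        with open(path, "w") as fh:
            fh.write(fixed)
        os.chmod(path, 0o600)
        return before, audit_slapd_conf(path)

if __name__ == "__main__":
    print(demo())
```

The check covers only the local file; whether the directory is reachable on TCP 389 or 636 from other hosts has to be checked separately on the listener and firewall side.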
