Vulnerability Details : CVE-2006-7191
Untrusted search path vulnerability in lamdaemon.pl in LDAP Account Manager (LAM) before 1.0.0 allows local users to gain privileges via a modified PATH that points to a malicious rm program.
Products affected by CVE-2006-7191
- cpe:2.3:a:ldap_account_manager:ldap_account_manager:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-7191
- 0.06%: Probability of exploitation activity in the next 30 days
- ~26%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-7191
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
References for CVE-2006-7191
- http://www.us.debian.org/security/2007/dsa-1287
- http://www.securityfocus.com/bid/23857
- http://lam.sourceforge.net/changelog/index.htm (Encountered a 404 error)
- http://lam.cvs.sourceforge.net/lam/lam/lib/lamdaemon.pl?r1=1.32&r2=1.33 (CVS Info for project lam)
- http://lam.cvs.sourceforge.net/lam/lam/lib/lamdaemon.pl (CVS Info for project lam)