CVE-2006-7191 Affecting ldap-account-manager package, versions <1.0.0-1


Severity

Recommended
medium

Based on Debian security rating.

Threat Intelligence

EPSS
0.06% (28th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-DEBIAN13-LDAPACCOUNTMANAGER-5683986
  • published3 Apr 2007
  • disclosed3 Apr 2007

Introduced: 3 Apr 2007

CVE-2006-7191  (opens in a new tab)

How to fix?

Upgrade Debian:13 ldap-account-manager to version 1.0.0-1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream ldap-account-manager package and not the ldap-account-manager package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

Untrusted search path vulnerability in lamdaemon.pl in LDAP Account Manager (LAM) before 1.0.0 allows local users to gain privileges via a modified PATH that points to a malicious rm program.

CVSS Scores

version 3.1