CVE-2014-9713

The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:N/I:P/A:N
debianCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
VendorProductVersion
openldapopenldap
2.4.23
openldapopenldap
2.4.24
openldapopenldap
2.4.25
openldapopenldap
2.4.26
openldapopenldap
2.4.27
openldapopenldap
2.4.28
openldapopenldap
2.4.29
openldapopenldap
2.4.30
openldapopenldap
2.4.31
openldapopenldap
2.4.32
openldapopenldap
2.4.33
openldapopenldap
2.4.34
openldapopenldap
2.4.35
openldapopenldap
2.4.36
openldapopenldap
2.4.37
openldapopenldap
2.4.38
openldapopenldap
2.4.39
debiandebian_linux
7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openldap
bullseye (security)
2.4.57+dfsg-3+deb11u1
fixed
bullseye
2.4.57+dfsg-3+deb11u1
fixed
bookworm
2.5.13+dfsg-5
fixed
sid
2.5.18+dfsg-3
fixed
trixie
2.5.18+dfsg-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openldap
vivid
Fixed 2.4.31-1+nmu2ubuntu12.3
released
utopic
ignored
trusty
Fixed 2.4.31-1+nmu2ubuntu8.2
released
precise
Fixed 2.4.28-1.1ubuntu4.6
released
lucid
not-affected
Common Weakness Enumeration
References
http://www.debian.org/security/2015/dsa-3209
http://www.openwall.com/lists/oss-security/2015/03/29/2
http://www.securityfocus.com/bid/73217
http://www.ubuntu.com/usn/USN-2742-1
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761406
http://www.debian.org/security/2015/dsa-3209
http://www.openwall.com/lists/oss-security/2015/03/29/2
http://www.securityfocus.com/bid/73217
http://www.ubuntu.com/usn/USN-2742-1
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761406