CVE-2006-4600

VMware Security Advisory 2007-0006

Severity Score

8.1

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN).

slapd en OpenLDAP anterior a 2.3.25 permite a un atacante remoto validar a usuarios con privilegios del Access Control List del selfwrite (ACL) para modificar los Distinguished Names (DN) de su elección.

Multiple vulnerabilities have been discovered in several VMware products. Neel Mehta and Ryan Smith (IBM ISS X-Force) discovered that the DHCP server contains an integer overflow vulnerability, an integer underflow vulnerability and another error when handling malformed packets, leading to stack-based buffer overflows or stack corruption. Rafal Wojtczvk (McAfee) discovered two unspecified errors that allow authenticated users with administrative or login privileges on a guest operating system to corrupt memory or cause a Denial of Service. Another unspecified vulnerability related to untrusted virtual machine images was discovered. Versions less than 6.0.1.55017 are affected.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Attack Vector

Adjacent

Attack Complexity

Medium

Authentication

Single

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-09-06 CVE Reserved
2006-09-07 CVE Published
2024-08-07 CVE Updated
2025-04-26 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (31)

URL	Tag	Source
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html	Mailing List
http://secunia.com/advisories/22219	Third Party Advisory
http://secunia.com/advisories/22273	Third Party Advisory
http://secunia.com/advisories/22300	Third Party Advisory
http://secunia.com/advisories/25098	Third Party Advisory
http://secunia.com/advisories/25628	Third Party Advisory
http://secunia.com/advisories/25676	Third Party Advisory
http://secunia.com/advisories/25894	Third Party Advisory
http://secunia.com/advisories/26909	Third Party Advisory
http://secunia.com/advisories/27706	Third Party Advisory
http://securitytracker.com/id?1016783	Vdb Entry
http://support.avaya.com/elmodocs2/security/ASA-2007-232.htm	X_refsource_confirm
http://www.securityfocus.com/archive/1/447395/100/200/threaded	Mailing List
http://www.vupen.com/english/advisories/2007/2186	Vdb Entry
http://www.vupen.com/english/advisories/2007/3229	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/28772	Vdb Entry
https://issues.rpath.com/browse/RPL-667	X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9618	Signature

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/21721	2018-10-17
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4587	2018-10-17
http://www.openldap.org/lists/openldap-announce/200608/msg00000.html	2018-10-17
http://www.openldap.org/software/release/changes.html	2018-10-17
http://www.securityfocus.com/bid/19832	2018-10-17

URL	Date	SRC
ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc	2018-10-17
http://security.gentoo.org/glsa/glsa-200711-23.xml	2018-10-17
http://www.mandriva.com/security/advisories?name=MDKSA-2006:171	2018-10-17
http://www.redhat.com/support/errata/RHSA-2007-0310.html	2018-10-17
http://www.redhat.com/support/errata/RHSA-2007-0430.html	2018-10-17
http://www.trustix.org/errata/2006/0055	2018-10-17
https://access.redhat.com/security/cve/CVE-2006-4600	2007-06-07
https://bugzilla.redhat.com/show_bug.cgi?id=1618198	2007-06-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openldap Search vendor "Openldap"		Openldap Search vendor "Openldap" for product "Openldap"				2.0.20 Search vendor "Openldap" for product "Openldap" and version "2.0.20"		-		Affected
Openldap Search vendor "Openldap"		Openldap Search vendor "Openldap" for product "Openldap"				2.0.21 Search vendor "Openldap" for product "Openldap" and version "2.0.21"		-		Affected
Openldap Search vendor "Openldap"		Openldap Search vendor "Openldap" for product "Openldap"				2.0.22 Search vendor "Openldap" for product "Openldap" and version "2.0.22"		-		Affected
Openldap Search vendor "Openldap"		Openldap Search vendor "Openldap" for product "Openldap"				2.0.23 Search vendor "Openldap" for product "Openldap" and version "2.0.23"		-		Affected
Openldap Search vendor "Openldap"		Openldap Search vendor "Openldap" for product "Openldap"				2.0.24 Search vendor "Openldap" for product "Openldap" and version "2.0.24"		-		Affected