Fluid Attacks Database

Description

Untrusted search path vulnerability in lamdaemon.pl in LDAP Account Manager (LAM) before 1.0.0 allows local users to gain privileges via a modified PATH that points to a malicious rm program.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	ldap-account-manager	>=0 <1.0.0-1	1.0.0-1
debian 12	ldap-account-manager	>=0 <1.0.0-1	1.0.0-1
debian 13	ldap-account-manager	>=0 <1.0.0-1	1.0.0-1

Aliases

1. CVE-2006-71912. NVD-2006-71913. OSV-DEBIAN-2006-71914. OSV-2006-71915. SECURITY-TRACKER-CVE-2006-7191

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.