{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[],"affected_systems_content":"<p>OpenLDAP version 2.0.25 et ant\u00e9rieures.</p>","content":"## Description\n\nOpenLDAP est une impl\u00e9mentation de LDAP (Lightweight Directory Access\nProtocol).\n\nPlusieurs vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans le paquetage OpenLDAP permettent\n\u00e0 un utilisateur mal intentionn\u00e9 d'ex\u00e9cuter du code arbitraire \u00e0\ndistance sur une machine h\u00e9bergeant un serveur LDAP vuln\u00e9rable.\n\nDe plus, la biblioth\u00e8que OpenLDAP2 contient d'autres vuln\u00e9rabilit\u00e9s\nexploitables en local.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 des diff\u00e9rents \u00e9diteurs pour\nconna\u00eetre la disponibilit\u00e9 des correctifs (cf. section Documentation).\n","cves":[],"links":[{"title":"Site de OpenLDAP :","url":"http://www.openldap.org"},{"title":"Bulletin de s\u00e9curit\u00e9 RHSA-2003:040 de Red Hat :","url":"http://rhn.redhat.com/errata/RHSA-2003-040.html"}],"reference":"CERTA-2003-AVI-004","revisions":[{"description":"version initiale.","revision_date":"2003-01-16T00:00:00.000000"},{"description":"Ajout r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 RHSA-2003:040 de Red Hat.","revision_date":"2003-02-07T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"}],"summary":null,"title":"Vuln\u00e9rabilit\u00e9 dans OpenLDAP","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 MDKSA-2003:006 de Mandrake","url":"http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:006"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 SuSE-SA:2002:047 de SuSE","url":"http://www.suse.com/de/security/2002_047_openldap2.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 DSA-227 de Debian","url":"http://www.debian.org/security/2003/dsa-227"}]}