CVE-2022-31087

Published: Jun 27, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the tmp directory, which is accessible by /lam/tmp/, allows interpretation of .php (and .php5/.php4/.phpt/etc) files. An attacker capable of writing files under www-data privileges can write a web-shell into this directory, and gain a Code Execution on the host. This issue has been fixed in version 8.0. Users unable to upgrade should disallow executing PHP scripts in (/var/lib/ldap-account-manager/)tmp directory.

Affected (2)

Products: Ldap Account Manager: Ldap Account Manager · Debian: Debian Linux

Ldap Account Manager

1 product

Ldap Account Manager

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ldap Account Manager Ldap Account Manager	Before 8.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 11.0

Related CWEs

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (6)

https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-q8g5-45m4-q95p

Source: security-advisories@github.com

Third Party Advisory

https://www.debian.org/security/2022/dsa-5177

Source: security-advisories@github.com

Third Party Advisory

https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-q8g5-45m4-q95p

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2022/dsa-5177

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.