https://www.exploit-db.com/exploits/19946
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200004-056

LinuxOpenLDAP服务器存在漏洞，本地用户可以通过符号连接攻击修改任意文件。

source: http://www.securityfocus.com/bid/1232/info

A vulnerability exists in OpenLDAP as shipped with some versions of Linux, including RedHat 6.1 and 6.2, and TurboLinux 6.0.2 and earlier. OpenLDAP will create files in /usr/tmp, which is actually a symbolic link to the world writable /tmp directory. As OpenLDAP does not check for a files existence prior to opening the files in /usr/tmp, it is possible for an attacker to point an appropriately named symbolic link at any file on the filesystem, and cause it to be destroyed.

This vulnerability will also affect any Unix system with OpenLDAP assuming the following criteria is true:
1) slapd.conf configures the "directory" variable to be /usr/tmp
2) /usr/tmp is a world writable directory.
3) slurpd was built with the DEFAULT_SLURPD_REPLICA_DIR set to /usr/tmp 

ln -sf /etc/passwd /usr/tmp/NEXTID

来源:CALDERA
名称:CSSA-2000-009.0
链接:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-009.0.txt
来源:TURBO
名称:TLSA2000010-1
链接:http://www.turbolinux.com/pipermail/tl-security-announce/2000-May/000009.html
来源:BID
名称:1232
链接:http://www.securityfocus.com/bid/1232
来源:REDHAT
名称:RHSA-2000:012
链接:http://www.redhat.com/support/errata/RHSA-2000-012.html