All the vulnerabilites related to fedoraproject - 389_directory_server
cve-2010-3282
Vulnerability from cvelistv5
Published
2020-01-09 20:52
Modified
2024-08-07 03:03
Severity ?
EPSS score ?
Summary
389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log.
References
| ▼ | URL | Tags |
|---|---|---|
| http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6914 | vdb-entry, signature, x_refsource_OVAL | |
| https://bugzilla.redhat.com/show_bug.cgi?id=625950 | x_refsource_CONFIRM | |
| https://git.fedorahosted.org/cgit/389/ds.git/commit/?id=d38ae06 | x_refsource_CONFIRM | |
| https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c02522633&docLocale=en_US | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | 389 Directory Server |
Version: before 1.2.7.1 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:03:18.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:6914",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6914"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=625950"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.fedorahosted.org/cgit/389/ds.git/commit/?id=d38ae06"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c02522633\u0026docLocale=en_US"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "389 Directory Server",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "before 1.2.7.1"
}
]
},
{
"product": "HP-UX Directory Server",
"vendor": "HP",
"versions": [
{
"status": "affected",
"version": "before B.08.10.03"
}
]
}
],
"datePublic": "2010-09-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Path Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-09T20:52:18",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "oval:org.mitre.oval:def:6914",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6914"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=625950"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.fedorahosted.org/cgit/389/ds.git/commit/?id=d38ae06"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c02522633\u0026docLocale=en_US"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2010-3282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "389 Directory Server",
"version": {
"version_data": [
{
"version_value": "before 1.2.7.1"
}
]
}
}
]
},
"vendor_name": "Red Hat"
},
{
"product": {
"product_data": [
{
"product_name": "HP-UX Directory Server",
"version": {
"version_data": [
{
"version_value": "before B.08.10.03"
}
]
}
}
]
},
"vendor_name": "HP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:6914",
"refsource": "OVAL",
"url": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6914"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=625950",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=625950"
},
{
"name": "https://git.fedorahosted.org/cgit/389/ds.git/commit/?id=d38ae06",
"refsource": "CONFIRM",
"url": "https://git.fedorahosted.org/cgit/389/ds.git/commit/?id=d38ae06"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c02522633\u0026docLocale=en_US",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c02522633\u0026docLocale=en_US"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2010-3282",
"datePublished": "2020-01-09T20:52:18",
"dateReserved": "2010-09-13T00:00:00",
"dateUpdated": "2024-08-07T03:03:18.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-8105
Vulnerability from cvelistv5
Published
2015-03-10 14:00
Modified
2024-08-06 13:10
Severity ?
EPSS score ?
Summary
389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2015-0416.html | vendor-advisory, x_refsource_REDHAT | |
| http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-9.html | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2015-0628.html | vendor-advisory, x_refsource_REDHAT | |
| http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153991.html | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:10:50.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html"
},
{
"name": "RHSA-2015:0416",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0416.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-9.html"
},
{
"name": "RHSA-2015:0628",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0628.html"
},
{
"name": "FEDORA-2015-3368",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153991.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the \"cn=changelog\" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-04-03T13:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html"
},
{
"name": "RHSA-2015:0416",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0416.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-9.html"
},
{
"name": "RHSA-2015:0628",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0628.html"
},
{
"name": "FEDORA-2015-3368",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153991.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-8105",
"datePublished": "2015-03-10T14:00:00",
"dateReserved": "2014-10-10T00:00:00",
"dateUpdated": "2024-08-06T13:10:50.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-14624
Vulnerability from cvelistv5
Published
2018-09-06 13:00
Modified
2024-08-05 09:29
Severity ?
EPSS score ?
Summary
A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:2757 | vendor-advisory, x_refsource_REDHAT | |
| https://pagure.io/389-ds-base/issue/49937 | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2018/09/msg00037.html | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14624 | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html | vendor-advisory, x_refsource_SUSE |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | [UNKNOWN] | 389-ds-base |
Version: unspecified < Version: unspecified < Version: unspecified < |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:29:51.694Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:2757",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2757"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pagure.io/389-ds-base/issue/49937"
},
{
"name": "[debian-lts-announce] 20180929 [SECURITY] [DLA 1526-1] 389-ds-base security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00037.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14624"
},
{
"name": "openSUSE-SU-2019:1397",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "389-ds-base",
"vendor": "[UNKNOWN]",
"versions": [
{
"lessThanOrEqual": "1.4.0.16",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.3.8.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.3.7.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-09-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-15T20:06:08",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2018:2757",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2757"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pagure.io/389-ds-base/issue/49937"
},
{
"name": "[debian-lts-announce] 20180929 [SECURITY] [DLA 1526-1] 389-ds-base security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00037.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14624"
},
{
"name": "openSUSE-SU-2019:1397",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-14624",
"datePublished": "2018-09-06T13:00:00",
"dateReserved": "2018-07-27T00:00:00",
"dateUpdated": "2024-08-05T09:29:51.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0833
Vulnerability from cvelistv5
Published
2012-07-03 16:00
Modified
2024-08-06 18:38
Severity ?
EPSS score ?
Summary
The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handled access control instructions (ACIs) that use certificate groups, which allows remote authenticated LDAP users with a certificate group to cause a denial of service (infinite loop and CPU consumption) by binding to the server.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2012-0813.html | vendor-advisory, x_refsource_REDHAT | |
| https://fedorahosted.org/389/ticket/162 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/49562 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/48035 | third-party-advisory, x_refsource_SECUNIA | |
| https://fedorahosted.org/389/changeset/1bbbb3e5049c1aa0650546efab87ed2f1ea59637/389-ds-base | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:14.890Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2012:0813",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fedorahosted.org/389/ticket/162"
},
{
"name": "49562",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49562"
},
{
"name": "48035",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48035"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fedorahosted.org/389/changeset/1bbbb3e5049c1aa0650546efab87ed2f1ea59637/389-ds-base"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handled access control instructions (ACIs) that use certificate groups, which allows remote authenticated LDAP users with a certificate group to cause a denial of service (infinite loop and CPU consumption) by binding to the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-07-03T16:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2012:0813",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fedorahosted.org/389/ticket/162"
},
{
"name": "49562",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49562"
},
{
"name": "48035",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48035"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fedorahosted.org/389/changeset/1bbbb3e5049c1aa0650546efab87ed2f1ea59637/389-ds-base"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0833",
"datePublished": "2012-07-03T16:00:00Z",
"dateReserved": "2012-01-19T00:00:00Z",
"dateUpdated": "2024-08-06T18:38:14.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-3883
Vulnerability from cvelistv5
Published
2019-04-17 00:00
Modified
2024-08-04 19:19
Severity ?
EPSS score ?
Summary
In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Red Hat | 389-ds-base |
Version: affects up to 1.4.1.2 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1779-1] 389-ds-base security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00008.html"
},
{
"name": "RHSA-2019:1896",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1896"
},
{
"name": "RHSA-2019:3401",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3401"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3883"
},
{
"tags": [
"x_transferred"
],
"url": "https://pagure.io/389-ds-base/issue/50329"
},
{
"tags": [
"x_transferred"
],
"url": "https://pagure.io/389-ds-base/pull-request/50331"
},
{
"name": "[debian-lts-announce] 20230424 [SECURITY] [DLA 3399-1] 389-ds-base security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "389-ds-base",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "affects up to 1.4.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most \u0027ioblocktimeout\u0027 seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-772",
"description": "CWE-772",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-24T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1779-1] 389-ds-base security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00008.html"
},
{
"name": "RHSA-2019:1896",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1896"
},
{
"name": "RHSA-2019:3401",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3401"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3883"
},
{
"url": "https://pagure.io/389-ds-base/issue/50329"
},
{
"url": "https://pagure.io/389-ds-base/pull-request/50331"
},
{
"name": "[debian-lts-announce] 20230424 [SECURITY] [DLA 3399-1] 389-ds-base security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-3883",
"datePublished": "2019-04-17T00:00:00",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-08-04T19:19:18.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-0019
Vulnerability from cvelistv5
Published
2011-02-23 18:00
Modified
2024-08-06 21:36
Severity ?
EPSS score ?
Summary
slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Directory Server 8.2.x or dirsrv) does not properly handle simple paged result searches, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via multiple search requests.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1025102 | vdb-entry, x_refsource_SECTRACK | |
| https://bugzilla.redhat.com/show_bug.cgi?id=666076 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=670914 | x_refsource_CONFIRM | |
| http://www.redhat.com/support/errata/RHSA-2011-0293.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/46489 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:02.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1025102",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025102"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=666076"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=670914"
},
{
"name": "RHSA-2011:0293",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0293.html"
},
{
"name": "46489",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46489"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Directory Server 8.2.x or dirsrv) does not properly handle simple paged result searches, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via multiple search requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-31T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "1025102",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025102"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=666076"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=670914"
},
{
"name": "RHSA-2011:0293",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0293.html"
},
{
"name": "46489",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46489"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-0019",
"datePublished": "2011-02-23T18:00:00",
"dateReserved": "2010-12-07T00:00:00",
"dateUpdated": "2024-08-06T21:36:02.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-10171
Vulnerability from cvelistv5
Published
2019-08-02 13:49
Modified
2024-08-04 22:10
Severity ?
EPSS score ?
Summary
It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. An attacker would still be able to provoke excessive CPU consumption leading to a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10171 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | RedHat | 389-ds-base |
Version: 1.4.0.x before 1.4.0.17 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:10.034Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10171"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "389-ds-base",
"vendor": "RedHat",
"versions": [
{
"status": "affected",
"version": "1.4.0.x before 1.4.0.17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. An attacker would still be able to provoke excessive CPU consumption leading to a denial of service."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-04T18:00:58",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10171"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-10171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "389-ds-base",
"version": {
"version_data": [
{
"version_value": "1.4.0.x before 1.4.0.17"
}
]
}
}
]
},
"vendor_name": "RedHat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. An attacker would still be able to provoke excessive CPU consumption leading to a denial of service."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10171",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10171"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10171",
"datePublished": "2019-08-02T13:49:35",
"dateReserved": "2019-03-27T00:00:00",
"dateUpdated": "2024-08-04T22:10:10.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4283
Vulnerability from cvelistv5
Published
2013-09-10 19:00
Modified
2024-08-06 16:38
Severity ?
EPSS score ?
Summary
ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2013-1182.html | vendor-advisory, x_refsource_REDHAT | |
| http://directory.fedoraproject.org/wiki/Releases/1.3.0.8 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/54650 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/54586 | third-party-advisory, x_refsource_SECUNIA | |
| https://bugzilla.redhat.com/show_bug.cgi?id=999634 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:38:01.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2013:1182",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1182.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://directory.fedoraproject.org/wiki/Releases/1.3.0.8"
},
{
"name": "54650",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54650"
},
{
"name": "54586",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54586"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=999634"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-09-10T19:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2013:1182",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1182.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://directory.fedoraproject.org/wiki/Releases/1.3.0.8"
},
{
"name": "54650",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54650"
},
{
"name": "54586",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54586"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=999634"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4283",
"datePublished": "2013-09-10T19:00:00Z",
"dateReserved": "2013-06-12T00:00:00Z",
"dateUpdated": "2024-08-06T16:38:01.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-2678
Vulnerability from cvelistv5
Published
2012-07-03 16:00
Modified
2024-08-06 19:42
Severity ?
EPSS score ?
Summary
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute.
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19353 | vdb-entry, signature, x_refsource_OVAL | |
| http://secunia.com/advisories/49734 | third-party-advisory, x_refsource_SECUNIA | |
| https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083 | vendor-advisory, x_refsource_HP | |
| http://osvdb.org/83336 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/54153 | vdb-entry, x_refsource_BID | |
| http://directory.fedoraproject.org/wiki/Release_Notes | x_refsource_CONFIRM | |
| https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083 | vendor-advisory, x_refsource_HP | |
| http://rhn.redhat.com/errata/RHSA-2012-1041.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2012-0997.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:42:31.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:19353",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19353"
},
{
"name": "49734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49734"
},
{
"name": "SSRT101189",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083"
},
{
"name": "83336",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/83336"
},
{
"name": "54153",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/54153"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://directory.fedoraproject.org/wiki/Release_Notes"
},
{
"name": "HPSBUX02881",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083"
},
{
"name": "RHSA-2012:1041",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1041.html"
},
{
"name": "RHSA-2012:0997",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0997.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "oval:org.mitre.oval:def:19353",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19353"
},
{
"name": "49734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49734"
},
{
"name": "SSRT101189",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083"
},
{
"name": "83336",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/83336"
},
{
"name": "54153",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/54153"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://directory.fedoraproject.org/wiki/Release_Notes"
},
{
"name": "HPSBUX02881",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083"
},
{
"name": "RHSA-2012:1041",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1041.html"
},
{
"name": "RHSA-2012:0997",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0997.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:19353",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19353"
},
{
"name": "49734",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49734"
},
{
"name": "SSRT101189",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083"
},
{
"name": "83336",
"refsource": "OSVDB",
"url": "http://osvdb.org/83336"
},
{
"name": "54153",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54153"
},
{
"name": "http://directory.fedoraproject.org/wiki/Release_Notes",
"refsource": "CONFIRM",
"url": "http://directory.fedoraproject.org/wiki/Release_Notes"
},
{
"name": "HPSBUX02881",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083"
},
{
"name": "RHSA-2012:1041",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1041.html"
},
{
"name": "RHSA-2012:0997",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0997.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2678",
"datePublished": "2012-07-03T16:00:00",
"dateReserved": "2012-05-14T00:00:00",
"dateUpdated": "2024-08-06T19:42:31.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-10850
Vulnerability from cvelistv5
Published
2018-06-13 20:00
Modified
2024-08-05 07:46
Severity ?
EPSS score ?
Summary
389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:2757 | vendor-advisory, x_refsource_REDHAT | |
| https://pagure.io/389-ds-base/issue/49768 | x_refsource_CONFIRM | |
| https://pagure.io/389-ds-base/c/8f04487f99a | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10850 | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html | vendor-advisory, x_refsource_SUSE |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | [UNKNOWN] | 389-ds-base |
Version: 389-ds-base 1.4.0.10 Version: 389-ds-base 1.3.8.3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:47.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:2757",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2757"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pagure.io/389-ds-base/issue/49768"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pagure.io/389-ds-base/c/8f04487f99a"
},
{
"name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1428-1] 389-ds-base security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10850"
},
{
"name": "openSUSE-SU-2019:1397",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "389-ds-base",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "389-ds-base 1.4.0.10"
},
{
"status": "affected",
"version": "389-ds-base 1.3.8.3"
}
]
}
],
"datePublic": "2018-06-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-15T20:06:08",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2018:2757",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2757"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pagure.io/389-ds-base/issue/49768"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pagure.io/389-ds-base/c/8f04487f99a"
},
{
"name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1428-1] 389-ds-base security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10850"
},
{
"name": "openSUSE-SU-2019:1397",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "389-ds-base",
"version": {
"version_data": [
{
"version_value": "389-ds-base 1.4.0.10"
},
{
"version_value": "389-ds-base 1.3.8.3"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:2757",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2757"
},
{
"name": "https://pagure.io/389-ds-base/issue/49768",
"refsource": "CONFIRM",
"url": "https://pagure.io/389-ds-base/issue/49768"
},
{
"name": "https://pagure.io/389-ds-base/c/8f04487f99a",
"refsource": "CONFIRM",
"url": "https://pagure.io/389-ds-base/c/8f04487f99a"
},
{
"name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1428-1] 389-ds-base security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10850",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10850"
},
{
"name": "openSUSE-SU-2019:1397",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-10850",
"datePublished": "2018-06-13T20:00:00",
"dateReserved": "2018-05-09T00:00:00",
"dateUpdated": "2024-08-05T07:46:47.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-8112
Vulnerability from cvelistv5
Published
2015-03-10 14:00
Modified
2024-08-06 13:10
Severity ?
EPSS score ?
Summary
389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by reading the Changelog.
References
| ▼ | URL | Tags |
|---|---|---|
| http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1172729 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2015-0416.html | vendor-advisory, x_refsource_REDHAT | |
| http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-9.html | x_refsource_CONFIRM | |
| http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153991.html | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:10:50.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1172729"
},
{
"name": "RHSA-2015:0416",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0416.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-9.html"
},
{
"name": "FEDORA-2015-3368",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153991.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores \"unhashed\" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by reading the Changelog."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-04-03T13:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1172729"
},
{
"name": "RHSA-2015:0416",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0416.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-9.html"
},
{
"name": "FEDORA-2015-3368",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153991.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-8112",
"datePublished": "2015-03-10T14:00:00",
"dateReserved": "2014-10-10T00:00:00",
"dateUpdated": "2024-08-06T13:10:50.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-2668
Vulnerability from cvelistv5
Published
2018-06-22 13:00
Modified
2024-08-05 14:02
Severity ?
EPSS score ?
Summary
389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2017:0920 | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2668 | x_refsource_CONFIRM | |
| https://pagure.io/389-ds-base/issue/49220 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/97524 | vdb-entry, x_refsource_BID | |
| https://access.redhat.com/errata/RHSA-2017:0893 | vendor-advisory, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | [UNKNOWN] | 389-ds-base |
Version: 389-ds-base 1.3.5.17 Version: 389-ds-base 1.3.6.10 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:02:07.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:0920",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0920"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2668"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pagure.io/389-ds-base/issue/49220"
},
{
"name": "97524",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97524"
},
{
"name": "RHSA-2017:0893",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0893"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "389-ds-base",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "389-ds-base 1.3.5.17"
},
{
"status": "affected",
"version": "389-ds-base 1.3.6.10"
}
]
}
],
"datePublic": "2017-04-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-23T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2017:0920",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0920"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2668"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pagure.io/389-ds-base/issue/49220"
},
{
"name": "97524",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97524"
},
{
"name": "RHSA-2017:0893",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0893"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "389-ds-base",
"version": {
"version_data": [
{
"version_value": "389-ds-base 1.3.5.17"
},
{
"version_value": "389-ds-base 1.3.6.10"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:0920",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0920"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2668",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2668"
},
{
"name": "https://pagure.io/389-ds-base/issue/49220",
"refsource": "CONFIRM",
"url": "https://pagure.io/389-ds-base/issue/49220"
},
{
"name": "97524",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97524"
},
{
"name": "RHSA-2017:0893",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0893"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-2668",
"datePublished": "2018-06-22T13:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T14:02:07.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1089
Vulnerability from cvelistv5
Published
2018-05-09 15:00
Modified
2024-08-05 03:51
Severity ?
EPSS score ?
Summary
389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/104137 | vdb-entry, x_refsource_BID | |
| https://access.redhat.com/errata/RHSA-2018:1364 | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1089 | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2018:1380 | vendor-advisory, x_refsource_REDHAT | |
| https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | unspecified | 389-ds-base |
Version: 389-ds-base 1.4.0.9 Version: 389-ds-base 1.3.8.1 Version: 389-ds-base 1.3.6.15 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.500Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104137",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104137"
},
{
"name": "RHSA-2018:1364",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1364"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1089"
},
{
"name": "RHSA-2018:1380",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1380"
},
{
"name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1428-1] 389-ds-base security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "389-ds-base",
"vendor": "unspecified",
"versions": [
{
"status": "affected",
"version": "389-ds-base 1.4.0.9"
},
{
"status": "affected",
"version": " 389-ds-base 1.3.8.1"
},
{
"status": "affected",
"version": " 389-ds-base 1.3.6.15"
}
]
}
],
"datePublic": "2018-03-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-16T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "104137",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104137"
},
{
"name": "RHSA-2018:1364",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1364"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1089"
},
{
"name": "RHSA-2018:1380",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1380"
},
{
"name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1428-1] 389-ds-base security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-1089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "389-ds-base",
"version": {
"version_data": [
{
"version_value": "389-ds-base 1.4.0.9"
},
{
"version_value": " 389-ds-base 1.3.8.1"
},
{
"version_value": " 389-ds-base 1.3.6.15"
}
]
}
}
]
},
"vendor_name": ""
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104137",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104137"
},
{
"name": "RHSA-2018:1364",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1364"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1089",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1089"
},
{
"name": "RHSA-2018:1380",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1380"
},
{
"name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1428-1] 389-ds-base security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-1089",
"datePublished": "2018-05-09T15:00:00",
"dateReserved": "2017-12-04T00:00:00",
"dateUpdated": "2024-08-05T03:51:48.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4746
Vulnerability from cvelistv5
Published
2011-02-23 18:00
Modified
2024-09-16 16:22
Severity ?
EPSS score ?
Summary
Multiple memory leaks in the normalization functionality in 389 Directory Server before 1.2.7.5 allow remote attackers to cause a denial of service (memory consumption) via "badly behaved applications," related to (1) Slapi_Attr mishandling in the DN normalization code and (2) pointer mishandling in the syntax normalization code, a different issue than CVE-2011-0019.
References
| ▼ | URL | Tags |
|---|---|---|
| http://directory.fedoraproject.org/wiki/Release_Notes | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=663597 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:55:35.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://directory.fedoraproject.org/wiki/Release_Notes"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=663597"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple memory leaks in the normalization functionality in 389 Directory Server before 1.2.7.5 allow remote attackers to cause a denial of service (memory consumption) via \"badly behaved applications,\" related to (1) Slapi_Attr mishandling in the DN normalization code and (2) pointer mishandling in the syntax normalization code, a different issue than CVE-2011-0019."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-02-23T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://directory.fedoraproject.org/wiki/Release_Notes"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=663597"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4746",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple memory leaks in the normalization functionality in 389 Directory Server before 1.2.7.5 allow remote attackers to cause a denial of service (memory consumption) via \"badly behaved applications,\" related to (1) Slapi_Attr mishandling in the DN normalization code and (2) pointer mishandling in the syntax normalization code, a different issue than CVE-2011-0019."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://directory.fedoraproject.org/wiki/Release_Notes",
"refsource": "CONFIRM",
"url": "http://directory.fedoraproject.org/wiki/Release_Notes"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=663597",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=663597"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4746",
"datePublished": "2011-02-23T18:00:00Z",
"dateReserved": "2011-02-23T00:00:00Z",
"dateUpdated": "2024-09-16T16:22:49.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-7551
Vulnerability from cvelistv5
Published
2017-08-16 18:00
Modified
2024-08-05 16:04
Severity ?
EPSS score ?
Summary
389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2017:2569 | vendor-advisory, x_refsource_REDHAT | |
| https://pagure.io/389-ds-base/issue/49336 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | 389 Directory Server | 389-ds-base |
Version: before 1.3.5.19 and 1.3.6.7 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.925Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:2569",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2569"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pagure.io/389-ds-base/issue/49336"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "389-ds-base",
"vendor": "389 Directory Server",
"versions": [
{
"status": "affected",
"version": "before 1.3.5.19 and 1.3.6.7"
}
]
}
],
"datePublic": "2017-07-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2017:2569",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2569"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pagure.io/389-ds-base/issue/49336"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-7551",
"datePublished": "2017-08-16T18:00:00Z",
"dateReserved": "2017-04-05T00:00:00",
"dateUpdated": "2024-08-05T16:04:11.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-0704
Vulnerability from cvelistv5
Published
2018-05-04 20:00
Modified
2024-08-06 21:58
Severity ?
EPSS score ?
Summary
389 Directory Server 1.2.7.5, when built with mozldap, allows remote attackers to cause a denial of service (replica crash) by sending an empty modify request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=675320 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=676876 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:58:26.092Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=675320"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=676876"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "389 Directory Server 1.2.7.5, when built with mozldap, allows remote attackers to cause a denial of service (replica crash) by sending an empty modify request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-04T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=675320"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=676876"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-0704",
"datePublished": "2018-05-04T20:00:00",
"dateReserved": "2011-01-31T00:00:00",
"dateUpdated": "2024-08-06T21:58:26.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-2219
Vulnerability from cvelistv5
Published
2013-07-31 10:00
Modified
2024-08-06 15:27
Severity ?
EPSS score ?
Summary
The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2013-1119.html | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=979508 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2013-1116.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:27:41.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2013:1119",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1119.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=979508"
},
{
"name": "RHSA-2013:1116",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1116.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-17T21:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2013:1119",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1119.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=979508"
},
{
"name": "RHSA-2013:1116",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1116.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2219",
"datePublished": "2013-07-31T10:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:27:41.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-2746
Vulnerability from cvelistv5
Published
2012-07-03 16:00
Modified
2024-08-06 19:42
Severity ?
EPSS score ?
Summary
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:42:32.430Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "83329",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/83329"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fedorahosted.org/389/ticket/365"
},
{
"name": "49734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49734"
},
{
"name": "389directory-logging-info-disclosure(76595)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76595"
},
{
"name": "SSRT101189",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083"
},
{
"name": "54153",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/54153"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://directory.fedoraproject.org/wiki/Release_Notes"
},
{
"name": "HPSBUX02881",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083"
},
{
"name": "RHSA-2012:1041",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1041.html"
},
{
"name": "RHSA-2012:0997",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0997.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=833482"
},
{
"name": "oval:org.mitre.oval:def:19241",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19241"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "83329",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/83329"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fedorahosted.org/389/ticket/365"
},
{
"name": "49734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49734"
},
{
"name": "389directory-logging-info-disclosure(76595)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76595"
},
{
"name": "SSRT101189",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083"
},
{
"name": "54153",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/54153"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://directory.fedoraproject.org/wiki/Release_Notes"
},
{
"name": "HPSBUX02881",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083"
},
{
"name": "RHSA-2012:1041",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1041.html"
},
{
"name": "RHSA-2012:0997",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0997.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=833482"
},
{
"name": "oval:org.mitre.oval:def:19241",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19241"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2746",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "83329",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/83329"
},
{
"name": "https://fedorahosted.org/389/ticket/365",
"refsource": "CONFIRM",
"url": "https://fedorahosted.org/389/ticket/365"
},
{
"name": "49734",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49734"
},
{
"name": "389directory-logging-info-disclosure(76595)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76595"
},
{
"name": "SSRT101189",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083"
},
{
"name": "54153",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54153"
},
{
"name": "http://directory.fedoraproject.org/wiki/Release_Notes",
"refsource": "CONFIRM",
"url": "http://directory.fedoraproject.org/wiki/Release_Notes"
},
{
"name": "HPSBUX02881",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083"
},
{
"name": "RHSA-2012:1041",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1041.html"
},
{
"name": "RHSA-2012:0997",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0997.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=833482",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=833482"
},
{
"name": "oval:org.mitre.oval:def:19241",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19241"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2746",
"datePublished": "2012-07-03T16:00:00",
"dateReserved": "2012-05-14T00:00:00",
"dateUpdated": "2024-08-06T19:42:32.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-14638
Vulnerability from cvelistv5
Published
2018-09-14 19:00
Modified
2024-08-05 09:38
Severity ?
EPSS score ?
Summary
A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:2757 | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14638 | x_refsource_CONFIRM | |
| https://pagure.io/389-ds-base/c/78fc627accacfa4061ce48977e22301f81ea8d73 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Fedora Project | 389-ds-base |
Version: 1.3.8.4-13 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:13.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:2757",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2757"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14638"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pagure.io/389-ds-base/c/78fc627accacfa4061ce48977e22301f81ea8d73"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "389-ds-base",
"vendor": "Fedora Project",
"versions": [
{
"status": "affected",
"version": "1.3.8.4-13"
}
]
}
],
"datePublic": "2018-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-26T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2018:2757",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2757"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14638"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pagure.io/389-ds-base/c/78fc627accacfa4061ce48977e22301f81ea8d73"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-14638",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "389-ds-base",
"version": {
"version_data": [
{
"version_value": "1.3.8.4-13"
}
]
}
}
]
},
"vendor_name": "Fedora Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:2757",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2757"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14638",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14638"
},
{
"name": "https://pagure.io/389-ds-base/c/78fc627accacfa4061ce48977e22301f81ea8d73",
"refsource": "CONFIRM",
"url": "https://pagure.io/389-ds-base/c/78fc627accacfa4061ce48977e22301f81ea8d73"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-14638",
"datePublished": "2018-09-14T19:00:00",
"dateReserved": "2018-07-27T00:00:00",
"dateUpdated": "2024-08-05T09:38:13.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-0532
Vulnerability from cvelistv5
Published
2011-02-23 18:00
Modified
2024-08-06 21:58
Severity ?
EPSS score ?
Summary
The (1) backup and restore scripts, (2) main initialization script, and (3) ldap-agent script in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x) place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1025102 | vdb-entry, x_refsource_SECTRACK | |
| https://bugzilla.redhat.com/show_bug.cgi?id=672468 | x_refsource_CONFIRM | |
| http://www.redhat.com/support/errata/RHSA-2011-0293.html | vendor-advisory, x_refsource_REDHAT | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/65637 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/46489 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:58:25.786Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1025102",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025102"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=672468"
},
{
"name": "RHSA-2011:0293",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0293.html"
},
{
"name": "rhds-ldlibrarypath-priv-esc(65637)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65637"
},
{
"name": "46489",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46489"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) backup and restore scripts, (2) main initialization script, and (3) ldap-agent script in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x) place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "1025102",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025102"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=672468"
},
{
"name": "RHSA-2011:0293",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0293.html"
},
{
"name": "rhds-ldlibrarypath-priv-esc(65637)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65637"
},
{
"name": "46489",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46489"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-0532",
"datePublished": "2011-02-23T18:00:00",
"dateReserved": "2011-01-20T00:00:00",
"dateUpdated": "2024-08-06T21:58:25.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-1067
Vulnerability from cvelistv5
Published
2011-02-23 18:00
Modified
2024-08-06 22:14
Severity ?
EPSS score ?
Summary
slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not properly manage the c_timelimit field of the connection table element, which allows remote attackers to cause a denial of service (daemon outage) via Simple Paged Results connections, as demonstrated by using multiple processes to replay TCP sessions, a different vulnerability than CVE-2011-0019.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/43566 | third-party-advisory, x_refsource_SECUNIA | |
| https://bugzilla.redhat.com/show_bug.cgi?id=668619 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/65769 | vdb-entry, x_refsource_XF | |
| http://directory.fedoraproject.org/wiki/Release_Notes | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:27.310Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43566",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43566"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=668619"
},
{
"name": "rhds-simple-paged-dos(65769)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65769"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://directory.fedoraproject.org/wiki/Release_Notes"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not properly manage the c_timelimit field of the connection table element, which allows remote attackers to cause a denial of service (daemon outage) via Simple Paged Results connections, as demonstrated by using multiple processes to replay TCP sessions, a different vulnerability than CVE-2011-0019."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43566",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43566"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=668619"
},
{
"name": "rhds-simple-paged-dos(65769)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65769"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://directory.fedoraproject.org/wiki/Release_Notes"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not properly manage the c_timelimit field of the connection table element, which allows remote attackers to cause a denial of service (daemon outage) via Simple Paged Results connections, as demonstrated by using multiple processes to replay TCP sessions, a different vulnerability than CVE-2011-0019."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43566",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43566"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=668619",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=668619"
},
{
"name": "rhds-simple-paged-dos(65769)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65769"
},
{
"name": "http://directory.fedoraproject.org/wiki/Release_Notes",
"refsource": "CONFIRM",
"url": "http://directory.fedoraproject.org/wiki/Release_Notes"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1067",
"datePublished": "2011-02-23T18:00:00",
"dateReserved": "2011-02-23T00:00:00",
"dateUpdated": "2024-08-06T22:14:27.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-15134
Vulnerability from cvelistv5
Published
2018-03-01 21:00
Modified
2024-09-16 23:06
Severity ?
EPSS score ?
Summary
A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:0163 | vendor-advisory, x_refsource_REDHAT | |
| https://pagure.io/389-ds-base/c/6aa2acdc3cad9 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1531573 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/102790 | vdb-entry, x_refsource_BID | |
| https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html | vendor-advisory, x_refsource_SUSE |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Red Hat, Inc. | 389-ds-base |
Version: 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:15.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:0163",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0163"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pagure.io/389-ds-base/c/6aa2acdc3cad9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531573"
},
{
"name": "102790",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102790"
},
{
"name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1428-1] 389-ds-base security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html"
},
{
"name": "openSUSE-SU-2019:1397",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "389-ds-base",
"vendor": "Red Hat, Inc.",
"versions": [
{
"status": "affected",
"version": "1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5"
}
]
}
],
"datePublic": "2018-01-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-15T20:06:09",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2018:0163",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0163"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pagure.io/389-ds-base/c/6aa2acdc3cad9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531573"
},
{
"name": "102790",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102790"
},
{
"name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1428-1] 389-ds-base security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html"
},
{
"name": "openSUSE-SU-2019:1397",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-01-21T00:00:00",
"ID": "CVE-2017-15134",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "389-ds-base",
"version": {
"version_data": [
{
"version_value": "1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:0163",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0163"
},
{
"name": "https://pagure.io/389-ds-base/c/6aa2acdc3cad9",
"refsource": "MISC",
"url": "https://pagure.io/389-ds-base/c/6aa2acdc3cad9"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1531573",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531573"
},
{
"name": "102790",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102790"
},
{
"name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1428-1] 389-ds-base security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html"
},
{
"name": "openSUSE-SU-2019:1397",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-15134",
"datePublished": "2018-03-01T21:00:00Z",
"dateReserved": "2017-10-08T00:00:00",
"dateUpdated": "2024-09-16T23:06:25.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-14824
Vulnerability from cvelistv5
Published
2019-11-08 14:45
Modified
2024-08-05 00:26
Severity ?
EPSS score ?
Summary
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2019:3981 | vendor-advisory, x_refsource_REDHAT | |
| https://lists.debian.org/debian-lts-announce/2019/11/msg00036.html | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2020:0464 | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14824 | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | [UNKNOWN] | 389-ds-base |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:26:39.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2019:3981",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3981"
},
{
"name": "[debian-lts-announce] 20191129 [SECURITY] [DLA 2004-1] 389-ds-base security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00036.html"
},
{
"name": "RHSA-2020:0464",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0464"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14824"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "389-ds-base",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the \u0027deref\u0027 plugin of 389-ds-base where it could use the \u0027search\u0027 permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-04T18:00:58",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2019:3981",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3981"
},
{
"name": "[debian-lts-announce] 20191129 [SECURITY] [DLA 2004-1] 389-ds-base security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00036.html"
},
{
"name": "RHSA-2020:0464",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0464"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14824"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-14824",
"datePublished": "2019-11-08T14:45:46",
"dateReserved": "2019-08-10T00:00:00",
"dateUpdated": "2024-08-05T00:26:39.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1854
Vulnerability from cvelistv5
Published
2017-09-19 15:00
Modified
2024-08-06 04:54
Severity ?
EPSS score ?
Summary
389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/74392 | vdb-entry, x_refsource_BID | |
| https://access.redhat.com/errata/RHSA-2015:0895 | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1209573 | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html | mailing-list, x_refsource_MLIST | |
| http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157069.html | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:16.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "74392",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74392"
},
{
"name": "RHSA-2015:0895",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2015:0895"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1209573"
},
{
"name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1428-1] 389-ds-base security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html"
},
{
"name": "FEDORA-2015-7206",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157069.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-16T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "74392",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74392"
},
{
"name": "RHSA-2015:0895",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2015:0895"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1209573"
},
{
"name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1428-1] 389-ds-base security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html"
},
{
"name": "FEDORA-2015-7206",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157069.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-1854",
"datePublished": "2017-09-19T15:00:00",
"dateReserved": "2015-02-17T00:00:00",
"dateUpdated": "2024-08-06T04:54:16.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-4450
Vulnerability from cvelistv5
Published
2012-10-01 01:00
Modified
2024-08-06 20:35
Severity ?
EPSS score ?
Summary
389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=860772 | x_refsource_MISC | |
| https://fedorahosted.org/389/ticket/340 | x_refsource_CONFIRM | |
| http://git.fedorahosted.org/cgit/389/ds.git/commit/?id=5beb93d42efb807838c09c5fab898876876f8d09 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/50713 | third-party-advisory, x_refsource_SECUNIA | |
| http://rhn.redhat.com/errata/RHSA-2013-0503.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.openwall.com/lists/oss-security/2012/09/26/3 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/09/26/5 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/55690 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:35:09.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=860772"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fedorahosted.org/389/ticket/340"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.fedorahosted.org/cgit/389/ds.git/commit/?id=5beb93d42efb807838c09c5fab898876876f8d09"
},
{
"name": "50713",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50713"
},
{
"name": "RHSA-2013:0503",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0503.html"
},
{
"name": "[oss-security] 20120926 CVE Request -- 389-ds-base: Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in ACL (ACL rules bypass possible)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/26/3"
},
{
"name": "[oss-security] 20120926 Re: CVE Request -- 389-ds-base: Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in ACL (ACL rules bypass possible)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/26/5"
},
{
"name": "55690",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55690"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-29T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=860772"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fedorahosted.org/389/ticket/340"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.fedorahosted.org/cgit/389/ds.git/commit/?id=5beb93d42efb807838c09c5fab898876876f8d09"
},
{
"name": "50713",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50713"
},
{
"name": "RHSA-2013:0503",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0503.html"
},
{
"name": "[oss-security] 20120926 CVE Request -- 389-ds-base: Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in ACL (ACL rules bypass possible)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/26/3"
},
{
"name": "[oss-security] 20120926 Re: CVE Request -- 389-ds-base: Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in ACL (ACL rules bypass possible)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/26/5"
},
{
"name": "55690",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55690"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4450",
"datePublished": "2012-10-01T01:00:00",
"dateReserved": "2012-08-21T00:00:00",
"dateUpdated": "2024-08-06T20:35:09.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1054
Vulnerability from cvelistv5
Published
2018-03-07 13:00
Modified
2024-09-17 00:11
Severity ?
EPSS score ?
Summary
An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://pagure.io/389-ds-base/issue/49545 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1537314 | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2018:0414 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2018:0515 | vendor-advisory, x_refsource_REDHAT | |
| https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/103228 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Red Hat, Inc. | 389-ds-base |
Version: all versions including upstream 1.4.x |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:44:11.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pagure.io/389-ds-base/issue/49545"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1537314"
},
{
"name": "RHSA-2018:0414",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0414"
},
{
"name": "RHSA-2018:0515",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0515"
},
{
"name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1428-1] 389-ds-base security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html"
},
{
"name": "103228",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103228"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "389-ds-base",
"vendor": "Red Hat, Inc.",
"versions": [
{
"status": "affected",
"version": "all versions including upstream 1.4.x"
}
]
}
],
"datePublic": "2018-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-16T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pagure.io/389-ds-base/issue/49545"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1537314"
},
{
"name": "RHSA-2018:0414",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0414"
},
{
"name": "RHSA-2018:0515",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0515"
},
{
"name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1428-1] 389-ds-base security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html"
},
{
"name": "103228",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103228"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-03-05T00:00:00",
"ID": "CVE-2018-1054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "389-ds-base",
"version": {
"version_data": [
{
"version_value": "all versions including upstream 1.4.x"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pagure.io/389-ds-base/issue/49545",
"refsource": "CONFIRM",
"url": "https://pagure.io/389-ds-base/issue/49545"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1537314",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1537314"
},
{
"name": "RHSA-2018:0414",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0414"
},
{
"name": "RHSA-2018:0515",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0515"
},
{
"name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1428-1] 389-ds-base security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html"
},
{
"name": "103228",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103228"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-1054",
"datePublished": "2018-03-07T13:00:00Z",
"dateReserved": "2017-12-04T00:00:00",
"dateUpdated": "2024-09-17T00:11:04.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-2591
Vulnerability from cvelistv5
Published
2018-04-30 12:00
Modified
2024-08-05 14:02
Severity ?
EPSS score ?
Summary
389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap memory read, possibly triggering a crash of the LDAP service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://pagure.io/389-ds-base/issue/48986 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2591 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/95670 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | unspecified | 389-ds-base |
Version: 389-ds-base 1.3.6 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:02:06.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pagure.io/389-ds-base/issue/48986"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2591"
},
{
"name": "95670",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95670"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "389-ds-base",
"vendor": "unspecified",
"versions": [
{
"status": "affected",
"version": "389-ds-base 1.3.6"
}
]
}
],
"datePublic": "2016-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the \"attribute uniqueness\" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap memory read, possibly triggering a crash of the LDAP service."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-01T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pagure.io/389-ds-base/issue/48986"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2591"
},
{
"name": "95670",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95670"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2591",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "389-ds-base",
"version": {
"version_data": [
{
"version_value": "389-ds-base 1.3.6"
}
]
}
}
]
},
"vendor_name": ""
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the \"attribute uniqueness\" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap memory read, possibly triggering a crash of the LDAP service."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "3.7/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
[
{
"vectorString": "2.6/AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pagure.io/389-ds-base/issue/48986",
"refsource": "CONFIRM",
"url": "https://pagure.io/389-ds-base/issue/48986"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2591",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2591"
},
{
"name": "95670",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95670"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-2591",
"datePublished": "2018-04-30T12:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T14:02:06.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-10224
Vulnerability from cvelistv5
Published
2019-11-25 00:00
Modified
2024-08-04 22:17
Severity ?
EPSS score ?
Summary
A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Red Hat | 389-ds-base |
Version: 389-ds-base 1.4.x.x before 1.4.1.3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:17:18.918Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://pagure.io/389-ds-base/issue/50251"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10224"
},
{
"name": "[debian-lts-announce] 20230424 [SECURITY] [DLA 3399-1] 389-ds-base security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "389-ds-base",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "389-ds-base 1.4.x.x before 1.4.1.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-24T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://pagure.io/389-ds-base/issue/50251"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10224"
},
{
"name": "[debian-lts-announce] 20230424 [SECURITY] [DLA 3399-1] 389-ds-base security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10224",
"datePublished": "2019-11-25T00:00:00",
"dateReserved": "2019-03-27T00:00:00",
"dateUpdated": "2024-08-04T22:17:18.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0132
Vulnerability from cvelistv5
Published
2014-03-18 14:00
Modified
2024-08-06 09:05
Severity ?
EPSS score ?
Summary
The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind.
References
| ▼ | URL | Tags |
|---|---|---|
| https://fedorahosted.org/389/changeset/76acff12a86110d4165f94e2cba13ef5c7ebc38a/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/57427 | third-party-advisory, x_refsource_SECUNIA | |
| http://rhn.redhat.com/errata/RHSA-2014-0292.html | vendor-advisory, x_refsource_REDHAT | |
| http://secunia.com/advisories/57412 | third-party-advisory, x_refsource_SECUNIA | |
| https://fedorahosted.org/389/ticket/47739 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:38.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fedorahosted.org/389/changeset/76acff12a86110d4165f94e2cba13ef5c7ebc38a/"
},
{
"name": "57427",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57427"
},
{
"name": "RHSA-2014:0292",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0292.html"
},
{
"name": "57412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57412"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fedorahosted.org/389/ticket/47739"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-18T12:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fedorahosted.org/389/changeset/76acff12a86110d4165f94e2cba13ef5c7ebc38a/"
},
{
"name": "57427",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57427"
},
{
"name": "RHSA-2014:0292",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0292.html"
},
{
"name": "57412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57412"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fedorahosted.org/389/ticket/47739"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0132",
"datePublished": "2014-03-18T14:00:00",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:05:38.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0312
Vulnerability from cvelistv5
Published
2013-03-13 20:48
Modified
2024-09-16 19:41
Severity ?
EPSS score ?
Summary
389 Directory Server before 1.3.0.4 allows remote attackers to cause a denial of service (crash) via a zero length LDAP control sequence.
References
| ▼ | URL | Tags |
|---|---|---|
| http://directory.fedoraproject.org/wiki/Releases/1.3.0.4 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/52568 | third-party-advisory, x_refsource_SECUNIA | |
| https://bugzilla.redhat.com/show_bug.cgi?id=912964 | x_refsource_MISC | |
| https://fedorahosted.org/389/ticket/571 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/58428 | vdb-entry, x_refsource_BID | |
| http://rhn.redhat.com/errata/RHSA-2013-0628.html | vendor-advisory, x_refsource_REDHAT | |
| http://secunia.com/advisories/52279 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:25:09.049Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://directory.fedoraproject.org/wiki/Releases/1.3.0.4"
},
{
"name": "52568",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52568"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=912964"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fedorahosted.org/389/ticket/571"
},
{
"name": "58428",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/58428"
},
{
"name": "RHSA-2013:0628",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0628.html"
},
{
"name": "52279",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52279"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "389 Directory Server before 1.3.0.4 allows remote attackers to cause a denial of service (crash) via a zero length LDAP control sequence."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-13T20:48:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://directory.fedoraproject.org/wiki/Releases/1.3.0.4"
},
{
"name": "52568",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52568"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=912964"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fedorahosted.org/389/ticket/571"
},
{
"name": "58428",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/58428"
},
{
"name": "RHSA-2013:0628",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0628.html"
},
{
"name": "52279",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52279"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0312",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "389 Directory Server before 1.3.0.4 allows remote attackers to cause a denial of service (crash) via a zero length LDAP control sequence."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://directory.fedoraproject.org/wiki/Releases/1.3.0.4",
"refsource": "CONFIRM",
"url": "http://directory.fedoraproject.org/wiki/Releases/1.3.0.4"
},
{
"name": "52568",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52568"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=912964",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=912964"
},
{
"name": "https://fedorahosted.org/389/ticket/571",
"refsource": "MISC",
"url": "https://fedorahosted.org/389/ticket/571"
},
{
"name": "58428",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58428"
},
{
"name": "RHSA-2013:0628",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0628.html"
},
{
"name": "52279",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52279"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0312",
"datePublished": "2013-03-13T20:48:00Z",
"dateReserved": "2012-12-06T00:00:00Z",
"dateUpdated": "2024-09-16T19:41:19.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-14648
Vulnerability from cvelistv5
Published
2018-09-28 13:00
Modified
2024-08-05 09:38
Severity ?
EPSS score ?
Summary
A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2018/10/msg00015.html | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2018:3507 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2018:3127 | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14648 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | [UNKNOWN] | 389-ds-base: |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:12.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20181025 [SECURITY] [DLA 1554-1] 389-ds-base security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00015.html"
},
{
"name": "RHSA-2018:3507",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3507"
},
{
"name": "RHSA-2018:3127",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3127"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14648"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "389-ds-base:",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-07T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[debian-lts-announce] 20181025 [SECURITY] [DLA 1554-1] 389-ds-base security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00015.html"
},
{
"name": "RHSA-2018:3507",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3507"
},
{
"name": "RHSA-2018:3127",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3127"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14648"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-14648",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "389-ds-base:",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20181025 [SECURITY] [DLA 1554-1] 389-ds-base security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00015.html"
},
{
"name": "RHSA-2018:3507",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3507"
},
{
"name": "RHSA-2018:3127",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3127"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14648",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14648"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-14648",
"datePublished": "2018-09-28T13:00:00",
"dateReserved": "2018-07-27T00:00:00",
"dateUpdated": "2024-08-05T09:38:12.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-10871
Vulnerability from cvelistv5
Published
2018-07-18 13:00
Modified
2024-08-05 07:46
Severity ?
EPSS score ?
Summary
389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext passwords.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10871 | x_refsource_CONFIRM | |
| https://pagure.io/389-ds-base/issue/49789 | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2018/08/msg00032.html | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2019:3401 | vendor-advisory, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | [UNKNOWN] | 389-ds-base |
Version: 389-ds-base 1.3.8.5 Version: 389-ds-base 1.4.0.12 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:47.376Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10871"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pagure.io/389-ds-base/issue/49789"
},
{
"name": "[debian-lts-announce] 20180830 [SECURITY] [DLA 1483-1] 389-ds-base security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00032.html"
},
{
"name": "RHSA-2019:3401",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3401"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "389-ds-base",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "389-ds-base 1.3.8.5"
},
{
"status": "affected",
"version": "389-ds-base 1.4.0.12"
}
]
}
],
"datePublic": "2018-06-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext passwords."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-06T00:08:04",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10871"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pagure.io/389-ds-base/issue/49789"
},
{
"name": "[debian-lts-announce] 20180830 [SECURITY] [DLA 1483-1] 389-ds-base security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00032.html"
},
{
"name": "RHSA-2019:3401",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3401"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10871",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "389-ds-base",
"version": {
"version_data": [
{
"version_value": "389-ds-base 1.3.8.5"
},
{
"version_value": "389-ds-base 1.4.0.12"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext passwords."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "3.8/CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-312"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10871",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10871"
},
{
"name": "https://pagure.io/389-ds-base/issue/49789",
"refsource": "CONFIRM",
"url": "https://pagure.io/389-ds-base/issue/49789"
},
{
"name": "[debian-lts-announce] 20180830 [SECURITY] [DLA 1483-1] 389-ds-base security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00032.html"
},
{
"name": "RHSA-2019:3401",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3401"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-10871",
"datePublished": "2018-07-18T13:00:00",
"dateReserved": "2018-05-09T00:00:00",
"dateUpdated": "2024-08-05T07:46:47.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1897
Vulnerability from cvelistv5
Published
2013-05-13 23:00
Modified
2024-08-06 15:20
Severity ?
EPSS score ?
Summary
The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE search scope is used, which allows remote attackers to obtain sensitive information outside of the rootDSE via a crafted LDAP search.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101323.html | vendor-advisory, x_refsource_FEDORA | |
| https://git.fedorahosted.org/cgit/389/ds.git/commit/?h=389-ds-base-1.2.11&id=5a18c828533a670e7143327893f8171a19062286 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=928105 | x_refsource_CONFIRM | |
| https://fedorahosted.org/freeipa/ticket/3540 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2013-0742.html | vendor-advisory, x_refsource_REDHAT | |
| https://fedorahosted.org/389/ticket/47308 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:36.703Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2013-4578",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101323.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.fedorahosted.org/cgit/389/ds.git/commit/?h=389-ds-base-1.2.11\u0026id=5a18c828533a670e7143327893f8171a19062286"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=928105"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fedorahosted.org/freeipa/ticket/3540"
},
{
"name": "RHSA-2013:0742",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0742.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fedorahosted.org/389/ticket/47308"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE search scope is used, which allows remote attackers to obtain sensitive information outside of the rootDSE via a crafted LDAP search."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-13T23:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2013-4578",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101323.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.fedorahosted.org/cgit/389/ds.git/commit/?h=389-ds-base-1.2.11\u0026id=5a18c828533a670e7143327893f8171a19062286"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=928105"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fedorahosted.org/freeipa/ticket/3540"
},
{
"name": "RHSA-2013:0742",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0742.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fedorahosted.org/389/ticket/47308"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1897",
"datePublished": "2013-05-13T23:00:00Z",
"dateReserved": "2013-02-19T00:00:00Z",
"dateUpdated": "2024-08-06T15:20:36.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4485
Vulnerability from cvelistv5
Published
2013-11-23 11:00
Modified
2024-08-06 16:45
Severity ?
EPSS score ?
Summary
389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2013-1752.html | vendor-advisory, x_refsource_REDHAT | |
| http://secunia.com/advisories/55765 | third-party-advisory, x_refsource_SECUNIA | |
| http://rhn.redhat.com/errata/RHSA-2013-1753.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2013:1752",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1752.html"
},
{
"name": "55765",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55765"
},
{
"name": "RHSA-2013:1753",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1753.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-23T18:10:04",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2013:1752",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1752.html"
},
{
"name": "55765",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55765"
},
{
"name": "RHSA-2013:1753",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1753.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4485",
"datePublished": "2013-11-23T11:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:14.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-3230
Vulnerability from cvelistv5
Published
2015-10-29 20:00
Modified
2024-08-06 05:39
Severity ?
EPSS score ?
Summary
389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher.
References
| ▼ | URL | Tags |
|---|---|---|
| https://fedorahosted.org/389/ticket/48194 | x_refsource_CONFIRM | |
| http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168985.html | vendor-advisory, x_refsource_FEDORA | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1230996 | x_refsource_CONFIRM | |
| http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-12.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:32.036Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fedorahosted.org/389/ticket/48194"
},
{
"name": "FEDORA-2015-15128",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168985.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1230996"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-12.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-10-29T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fedorahosted.org/389/ticket/48194"
},
{
"name": "FEDORA-2015-15128",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168985.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1230996"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-12.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3230",
"datePublished": "2015-10-29T20:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:32.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-15135
Vulnerability from cvelistv5
Published
2018-01-24 15:00
Modified
2024-08-05 19:50
Severity ?
EPSS score ?
Summary
It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/102811 | vdb-entry, x_refsource_BID | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1525628 | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2018:0414 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2018:0515 | vendor-advisory, x_refsource_REDHAT | |
| http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html | vendor-advisory, x_refsource_SUSE |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Red Hat, Inc. | 389-ds-base |
Version: since 1.3.6.1 up to and including 1.4.0.3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102811",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102811"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525628"
},
{
"name": "RHSA-2018:0414",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0414"
},
{
"name": "RHSA-2018:0515",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0515"
},
{
"name": "openSUSE-SU-2019:1397",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "389-ds-base",
"vendor": "Red Hat, Inc.",
"versions": [
{
"status": "affected",
"version": "since 1.3.6.1 up to and including 1.4.0.3"
}
]
}
],
"datePublic": "2017-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-15T20:06:08",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "102811",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102811"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525628"
},
{
"name": "RHSA-2018:0414",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0414"
},
{
"name": "RHSA-2018:0515",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0515"
},
{
"name": "openSUSE-SU-2019:1397",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-15135",
"datePublished": "2018-01-24T15:00:00Z",
"dateReserved": "2017-10-08T00:00:00",
"dateUpdated": "2024-08-05T19:50:16.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3562
Vulnerability from cvelistv5
Published
2014-08-21 14:00
Modified
2024-08-06 10:50
Severity ?
EPSS score ?
Summary
Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2014-1031.html | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1123477 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2014-1032.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:17.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2014:1031",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1031.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1123477"
},
{
"name": "RHSA-2014:1032",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1032.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-08-21T12:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2014:1031",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1031.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1123477"
},
{
"name": "RHSA-2014:1032",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1032.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3562",
"datePublished": "2014-08-21T14:00:00",
"dateReserved": "2014-05-14T00:00:00",
"dateUpdated": "2024-08-06T10:50:17.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-0741
Vulnerability from cvelistv5
Published
2016-04-19 21:00
Modified
2024-08-05 22:30
Severity ?
EPSS score ?
Summary
slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection.
References
| ▼ | URL | Tags |
|---|---|---|
| https://fedorahosted.org/389/ticket/48412 | x_refsource_CONFIRM | |
| http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html | x_refsource_CONFIRM | |
| https://fedorahosted.org/389/changeset/cd45d032421b0ecf76d8cbb9b1c3aeef7680d9a2/ | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2016-0204.html | vendor-advisory, x_refsource_REDHAT | |
| http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-4-7.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/82343 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:30:04.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fedorahosted.org/389/ticket/48412"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fedorahosted.org/389/changeset/cd45d032421b0ecf76d8cbb9b1c3aeef7680d9a2/"
},
{
"name": "RHSA-2016:0204",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0204.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-4-7.html"
},
{
"name": "82343",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/82343"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-07T17:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fedorahosted.org/389/ticket/48412"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fedorahosted.org/389/changeset/cd45d032421b0ecf76d8cbb9b1c3aeef7680d9a2/"
},
{
"name": "RHSA-2016:0204",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0204.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-4-7.html"
},
{
"name": "82343",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/82343"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-0741",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fedorahosted.org/389/ticket/48412",
"refsource": "CONFIRM",
"url": "https://fedorahosted.org/389/ticket/48412"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "https://fedorahosted.org/389/changeset/cd45d032421b0ecf76d8cbb9b1c3aeef7680d9a2/",
"refsource": "CONFIRM",
"url": "https://fedorahosted.org/389/changeset/cd45d032421b0ecf76d8cbb9b1c3aeef7680d9a2/"
},
{
"name": "RHSA-2016:0204",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0204.html"
},
{
"name": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-4-7.html",
"refsource": "CONFIRM",
"url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-4-7.html"
},
{
"name": "82343",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/82343"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-0741",
"datePublished": "2016-04-19T21:00:00",
"dateReserved": "2015-12-16T00:00:00",
"dateUpdated": "2024-08-05T22:30:04.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-0022
Vulnerability from cvelistv5
Published
2011-02-23 18:00
Modified
2024-08-06 21:43
Severity ?
EPSS score ?
Summary
The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary process termination) by replacing PID files contained in this directory.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1025102 | vdb-entry, x_refsource_SECTRACK | |
| http://www.redhat.com/support/errata/RHSA-2011-0293.html | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=671199 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/46489 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:43:13.719Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1025102",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025102"
},
{
"name": "RHSA-2011:0293",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0293.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=671199"
},
{
"name": "46489",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46489"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary process termination) by replacing PID files contained in this directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-31T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "1025102",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025102"
},
{
"name": "RHSA-2011:0293",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0293.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=671199"
},
{
"name": "46489",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46489"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-0022",
"datePublished": "2011-02-23T18:00:00",
"dateReserved": "2010-12-07T00:00:00",
"dateUpdated": "2024-08-06T21:43:13.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-01-09 21:15
Modified
2024-11-21 01:18
Severity ?
Summary
389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | hp-ux_directory_server | * | |
| redhat | redhat_directory_server | * | |
| fedoraproject | 389_directory_server | * | |
| redhat | directory_server | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:hp-ux_directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F804818-D589-41B4-B3B0-5F7D522FE7DF",
"versionEndExcluding": "b.08.10.03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:redhat_directory_server:*:*:*:*:*:hp-ux:*:*",
"matchCriteriaId": "2513BFA8-9F43-4102-8C65-522955FB8821",
"versionEndExcluding": "b.08.00.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84F57181-500B-47A6-A4E1-827BF398913D",
"versionEndExcluding": "1.2.7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:directory_server:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E190C97-A279-4EEE-B9C4-1EA888920F80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log."
},
{
"lang": "es",
"value": "389 Directory Server versiones anteriores a 1.2.7.1 (tambi\u00e9n se conoce como Red Hat Directory Server versi\u00f3n 8.2) y HP-UX Directory Server versiones anteriores a B.08.10.03, cuando el registro de auditor\u00eda est\u00e1 habilitado, registra la contrase\u00f1a de Directory Manager (nsslapd-rootpw) en texto sin cifrar cuando se cambia cn=config:nsslapd-rootpw, que podr\u00eda permitir a usuarios locales obtener informaci\u00f3n confidencial mediante la lectura del registro."
}
],
"id": "CVE-2010-3282",
"lastModified": "2024-11-21T01:18:26.053",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-09T21:15:10.810",
"references": [
{
"source": "hp-security-alert@hp.com",
"tags": [
"Not Applicable"
],
"url": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6914"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=625950"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Product"
],
"url": "https://git.fedorahosted.org/cgit/389/ds.git/commit/?id=d38ae06"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c02522633\u0026docLocale=en_US"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6914"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=625950"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://git.fedorahosted.org/cgit/389/ds.git/commit/?id=d38ae06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c02522633\u0026docLocale=en_US"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-03-13 20:55
Modified
2024-11-21 01:47
Severity ?
Summary
389 Directory Server before 1.3.0.4 allows remote attackers to cause a denial of service (crash) via a zero length LDAP control sequence.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | 389_directory_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E2FD185-D591-44E9-8A59-FBF37E6E4FAF",
"versionEndIncluding": "1.3.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "389 Directory Server before 1.3.0.4 allows remote attackers to cause a denial of service (crash) via a zero length LDAP control sequence."
},
{
"lang": "es",
"value": "389 Directory Server anterior a v1.3.0.4 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de una secuencia de control de longitud cero LDAP."
}
],
"id": "CVE-2013-0312",
"lastModified": "2024-11-21T01:47:17.077",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-13T20:55:02.173",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://directory.fedoraproject.org/wiki/Releases/1.3.0.4"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0628.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52279"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52568"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/58428"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=912964"
},
{
"source": "secalert@redhat.com",
"url": "https://fedorahosted.org/389/ticket/571"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://directory.fedoraproject.org/wiki/Releases/1.3.0.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0628.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52279"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52568"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/58428"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=912964"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://fedorahosted.org/389/ticket/571"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-02-23 19:00
Modified
2024-11-21 01:25
Severity ?
Summary
slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not properly manage the c_timelimit field of the connection table element, which allows remote attackers to cause a denial of service (daemon outage) via Simple Paged Results connections, as demonstrated by using multiple processes to replay TCP sessions, a different vulnerability than CVE-2011-0019.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | 389_directory_server | * | |
| fedoraproject | 389_directory_server | 1.2.1 | |
| fedoraproject | 389_directory_server | 1.2.2 | |
| fedoraproject | 389_directory_server | 1.2.3 | |
| fedoraproject | 389_directory_server | 1.2.5 | |
| fedoraproject | 389_directory_server | 1.2.5 | |
| fedoraproject | 389_directory_server | 1.2.5 | |
| fedoraproject | 389_directory_server | 1.2.5 | |
| fedoraproject | 389_directory_server | 1.2.5 | |
| fedoraproject | 389_directory_server | 1.2.6 | |
| fedoraproject | 389_directory_server | 1.2.6 | |
| fedoraproject | 389_directory_server | 1.2.6 | |
| fedoraproject | 389_directory_server | 1.2.6 | |
| fedoraproject | 389_directory_server | 1.2.6 | |
| fedoraproject | 389_directory_server | 1.2.6 | |
| fedoraproject | 389_directory_server | 1.2.6 | |
| fedoraproject | 389_directory_server | 1.2.6 | |
| fedoraproject | 389_directory_server | 1.2.6 | |
| fedoraproject | 389_directory_server | 1.2.6.1 | |
| fedoraproject | 389_directory_server | 1.2.7 | |
| fedoraproject | 389_directory_server | 1.2.7.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "64C392FC-734E-45AA-86FC-572F78BEAA8A",
"versionEndIncluding": "1.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE2E9C8D-FFEE-424C-BBA6-42BD4309D18A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F2E9CEF-F30D-4374-A7E2-052102B602A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "16A8729B-B00B-4871-B083-6B10A5034721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6335FA65-9498-40AF-AE2B-034DA2823821",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8CF92ADB-B5B0-43D7-93D8-CBA3AE46EB8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc2:*:*:*:*:*:*",
"matchCriteriaId": "17F8ED59-E27A-4B9B-8BB8-66FAB2B2DCFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc3:*:*:*:*:*:*",
"matchCriteriaId": "4200CEAB-4E14-48C8-9D6F-F86796475019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc4:*:*:*:*:*:*",
"matchCriteriaId": "3179916B-F98C-4D10-82AB-59DCCACBE8DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B44B5289-08BB-4D62-B60D-1BD738472B1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a2:*:*:*:*:*:*",
"matchCriteriaId": "02392BBF-AFAB-4739-BAF6-E930692AB28F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a3:*:*:*:*:*:*",
"matchCriteriaId": "BFF70436-E01E-4912-AC31-B600F5E8CB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a4:*:*:*:*:*:*",
"matchCriteriaId": "360BA51B-B47E-4537-B564-9E628DF4E6EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "987F04BC-75DC-4959-AE32-070F11F9EBC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "078BCE55-90BB-48DE-92D1-9A152338158C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc3:*:*:*:*:*:*",
"matchCriteriaId": "595F5AEE-E4A9-40E0-AF03-69AF689C4916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc6:*:*:*:*:*:*",
"matchCriteriaId": "FED47519-F254-4545-8551-FFBD0B4F9FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc7:*:*:*:*:*:*",
"matchCriteriaId": "A06C0421-74B7-4F9D-9F3A-18BF62BDD4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83F772DF-B8A7-4577-9AC6-3234B8C7FFAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.7:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "60624BFB-BB50-47F9-BB6D-BC92B40988BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "17C879AE-7435-43F5-94E5-A7ED84E46D0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not properly manage the c_timelimit field of the connection table element, which allows remote attackers to cause a denial of service (daemon outage) via Simple Paged Results connections, as demonstrated by using multiple processes to replay TCP sessions, a different vulnerability than CVE-2011-0019."
},
{
"lang": "es",
"value": "slapd (tambi\u00e9n conocido como ns-slapd) en 389 Directory Server anterior a v1.2.8.a2, no maneja adecuadamente el campo c_timelimit del elemento de tabla de la conexi\u00f3n, que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (fallo de demonio) a trav\u00e9s de conexiones Simple Paged Results, como se ha demostrado mediante el uso de m\u00faltiples procesos para reproducir sesiones TCP, una vulnerabilidad diferente de CVE-2011-0019."
}
],
"id": "CVE-2011-1067",
"lastModified": "2024-11-21T01:25:26.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-02-23T19:00:02.407",
"references": [
{
"source": "cve@mitre.org",
"url": "http://directory.fedoraproject.org/wiki/Release_Notes"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/43566"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=668619"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65769"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://directory.fedoraproject.org/wiki/Release_Notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=668619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65769"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-03-10 14:59
Modified
2024-11-21 02:18
Severity ?
Summary
389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | 389_directory_server | * | |
| fedoraproject | 389_directory_server | 1.3.3.0 | |
| fedoraproject | 389_directory_server | 1.3.3.2 | |
| fedoraproject | 389_directory_server | 1.3.3.3 | |
| fedoraproject | 389_directory_server | 1.3.3.5 | |
| fedoraproject | 389_directory_server | 1.3.3.8 | |
| fedoraproject | fedora | 22 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B301991-61EC-447E-A220-29D17E8FDABD",
"versionEndIncluding": "1.3.2.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "80EE57EB-D603-40A5-84F5-BEA703D8A0EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D6E18AB1-FE95-49F2-A354-F24C4569634C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "77D4A1FC-53B7-493F-9D9C-B1DA6231A3E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B1AE563B-59ED-40F4-B2FF-CDE6EFA5087B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "220041CC-C46F-4D0E-B231-0645621A7E66",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the \"cn=changelog\" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors."
},
{
"lang": "es",
"value": "389 Directory Server anterior a 1.3.2.27 y 1.3.3.x anterior a 1.3.3.9 no restringe correctamente acceso al sub\u00e1rbol LDAP \u0027cn=changelog\u0027, lo que permite a atacantes remotos obtener informaci\u00f3n sensible del registro de cambios (changelog) a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-8105",
"lastModified": "2024-11-21T02:18:34.077",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-03-10T14:59:00.070",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html"
},
{
"source": "secalert@redhat.com",
"url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-9.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153991.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0416.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0628.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-9.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153991.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0416.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0628.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-07-18 13:29
Modified
2024-11-21 03:42
Severity ?
3.8 (Low) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext passwords.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2019:3401 | ||
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10871 | Issue Tracking, Mitigation, Third Party Advisory | |
| secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2018/08/msg00032.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | https://pagure.io/389-ds-base/issue/49789 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3401 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10871 | Issue Tracking, Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2018/08/msg00032.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pagure.io/389-ds-base/issue/49789 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | 389_directory_server | * | |
| fedoraproject | 389_directory_server | * | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "002DBD7E-E803-456B-AB40-993574579668",
"versionEndExcluding": "1.3.8.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F0826F4-15B5-4775-8B02-22324DB87DB6",
"versionEndExcluding": "1.4.0.12",
"versionStartIncluding": "1.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext passwords."
},
{
"lang": "es",
"value": "389-ds-base en versiones anteriores a la 1.3.8.5 y 1.4.0.12 es vulnerable al almacenamiento en texto claro de informaci\u00f3n sensible. Por defecto, cuando los plugins Replica y/o retroChangeLog est\u00e1n habilitados, 389-ds-base almacena contrase\u00f1as en formato de texto plano en sus respectivos archivos changelog. Un atacante con los suficientes privilegios elevados, como root o Directory Manager, puede consultar esos archivos para recuperar contrase\u00f1as en texto plano."
}
],
"id": "CVE-2018-10871",
"lastModified": "2024-11-21T03:42:11.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 2.5,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-18T13:29:00.210",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2019:3401"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10871"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00032.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://pagure.io/389-ds-base/issue/49789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:3401"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://pagure.io/389-ds-base/issue/49789"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-02-23 19:00
Modified
2024-11-21 01:21
Severity ?
Summary
Multiple memory leaks in the normalization functionality in 389 Directory Server before 1.2.7.5 allow remote attackers to cause a denial of service (memory consumption) via "badly behaved applications," related to (1) Slapi_Attr mishandling in the DN normalization code and (2) pointer mishandling in the syntax normalization code, a different issue than CVE-2011-0019.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | 389_directory_server | * | |
| fedoraproject | 389_directory_server | 1.2.1 | |
| fedoraproject | 389_directory_server | 1.2.2 | |
| fedoraproject | 389_directory_server | 1.2.3 | |
| fedoraproject | 389_directory_server | 1.2.5 | |
| fedoraproject | 389_directory_server | 1.2.5 | |
| fedoraproject | 389_directory_server | 1.2.5 | |
| fedoraproject | 389_directory_server | 1.2.5 | |
| fedoraproject | 389_directory_server | 1.2.5 | |
| fedoraproject | 389_directory_server | 1.2.6 | |
| fedoraproject | 389_directory_server | 1.2.6 | |
| fedoraproject | 389_directory_server | 1.2.6 | |
| fedoraproject | 389_directory_server | 1.2.6 | |
| fedoraproject | 389_directory_server | 1.2.6 | |
| fedoraproject | 389_directory_server | 1.2.6 | |
| fedoraproject | 389_directory_server | 1.2.6 | |
| fedoraproject | 389_directory_server | 1.2.6 | |
| fedoraproject | 389_directory_server | 1.2.6 | |
| fedoraproject | 389_directory_server | 1.2.6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "28287804-0CCD-464F-90B6-6A6FE10E1B84",
"versionEndIncluding": "1.2.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE2E9C8D-FFEE-424C-BBA6-42BD4309D18A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F2E9CEF-F30D-4374-A7E2-052102B602A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "16A8729B-B00B-4871-B083-6B10A5034721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6335FA65-9498-40AF-AE2B-034DA2823821",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8CF92ADB-B5B0-43D7-93D8-CBA3AE46EB8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc2:*:*:*:*:*:*",
"matchCriteriaId": "17F8ED59-E27A-4B9B-8BB8-66FAB2B2DCFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc3:*:*:*:*:*:*",
"matchCriteriaId": "4200CEAB-4E14-48C8-9D6F-F86796475019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc4:*:*:*:*:*:*",
"matchCriteriaId": "3179916B-F98C-4D10-82AB-59DCCACBE8DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B44B5289-08BB-4D62-B60D-1BD738472B1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a2:*:*:*:*:*:*",
"matchCriteriaId": "02392BBF-AFAB-4739-BAF6-E930692AB28F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a3:*:*:*:*:*:*",
"matchCriteriaId": "BFF70436-E01E-4912-AC31-B600F5E8CB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a4:*:*:*:*:*:*",
"matchCriteriaId": "360BA51B-B47E-4537-B564-9E628DF4E6EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "987F04BC-75DC-4959-AE32-070F11F9EBC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "078BCE55-90BB-48DE-92D1-9A152338158C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc3:*:*:*:*:*:*",
"matchCriteriaId": "595F5AEE-E4A9-40E0-AF03-69AF689C4916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc6:*:*:*:*:*:*",
"matchCriteriaId": "FED47519-F254-4545-8551-FFBD0B4F9FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc7:*:*:*:*:*:*",
"matchCriteriaId": "A06C0421-74B7-4F9D-9F3A-18BF62BDD4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83F772DF-B8A7-4577-9AC6-3234B8C7FFAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple memory leaks in the normalization functionality in 389 Directory Server before 1.2.7.5 allow remote attackers to cause a denial of service (memory consumption) via \"badly behaved applications,\" related to (1) Slapi_Attr mishandling in the DN normalization code and (2) pointer mishandling in the syntax normalization code, a different issue than CVE-2011-0019."
},
{
"lang": "es",
"value": "m\u00faltiples p\u00e9rdidas de memoria en la funcionalidad de la normalizaci\u00f3n en 389 Directory Server anteriores a v1.2.7.5 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de \"mal comportamiento aplicaciones\", relacionado con (1) mal uso del c\u00f3digo Slapi_Attr en la normalizaci\u00f3n DN y (2) mala gesti\u00f3n del puntero en la sintaxis del c\u00f3digo de normalizaci\u00f3n, diferente a CVE-2011-0019."
}
],
"id": "CVE-2010-4746",
"lastModified": "2024-11-21T01:21:39.987",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-02-23T19:00:01.217",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://directory.fedoraproject.org/wiki/Release_Notes"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=663597"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://directory.fedoraproject.org/wiki/Release_Notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=663597"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-07-03 16:40
Modified
2024-11-21 01:35
Severity ?
Summary
The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handled access control instructions (ACIs) that use certificate groups, which allows remote authenticated LDAP users with a certificate group to cause a denial of service (infinite loop and CPU consumption) by binding to the server.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:rc1:*:*:*:*:*:*",
"matchCriteriaId": "35D900B4-B84B-49A3-8EDE-96D1900635C7",
"versionEndIncluding": "1.2.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE2E9C8D-FFEE-424C-BBA6-42BD4309D18A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F2E9CEF-F30D-4374-A7E2-052102B602A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "16A8729B-B00B-4871-B083-6B10A5034721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6335FA65-9498-40AF-AE2B-034DA2823821",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8CF92ADB-B5B0-43D7-93D8-CBA3AE46EB8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc2:*:*:*:*:*:*",
"matchCriteriaId": "17F8ED59-E27A-4B9B-8BB8-66FAB2B2DCFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc3:*:*:*:*:*:*",
"matchCriteriaId": "4200CEAB-4E14-48C8-9D6F-F86796475019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc4:*:*:*:*:*:*",
"matchCriteriaId": "3179916B-F98C-4D10-82AB-59DCCACBE8DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B44B5289-08BB-4D62-B60D-1BD738472B1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a2:*:*:*:*:*:*",
"matchCriteriaId": "02392BBF-AFAB-4739-BAF6-E930692AB28F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a3:*:*:*:*:*:*",
"matchCriteriaId": "BFF70436-E01E-4912-AC31-B600F5E8CB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a4:*:*:*:*:*:*",
"matchCriteriaId": "360BA51B-B47E-4537-B564-9E628DF4E6EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "987F04BC-75DC-4959-AE32-070F11F9EBC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "078BCE55-90BB-48DE-92D1-9A152338158C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc3:*:*:*:*:*:*",
"matchCriteriaId": "595F5AEE-E4A9-40E0-AF03-69AF689C4916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc6:*:*:*:*:*:*",
"matchCriteriaId": "FED47519-F254-4545-8551-FFBD0B4F9FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc7:*:*:*:*:*:*",
"matchCriteriaId": "A06C0421-74B7-4F9D-9F3A-18BF62BDD4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83F772DF-B8A7-4577-9AC6-3234B8C7FFAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.7:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "60624BFB-BB50-47F9-BB6D-BC92B40988BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "17C879AE-7435-43F5-94E5-A7ED84E46D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "5809DC7B-AC50-4E03-A8FA-6C2C6B67A400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "04FED7B7-7D97-4020-9D5C-A7150B43838C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "6CA6BAB0-4638-4341-8835-E24E58855C37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3C87A154-D750-4A93-B958-478CB17783F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:rc2:*:*:*:*:*:*",
"matchCriteriaId": "762AF16D-D7C3-4444-B8E5-88626D7DCE6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2FF2BE2A-E90A-4336-864A-A76D9B1F0793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7EE57DD6-A59C-4073-8DBB-E8D667E9A206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F65E0F9-731B-48E4-AF46-C8CAAE00820D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B8AD8024-EF26-46B3-80E1-25661A5C538A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.10:alpha8:*:*:*:*:*:*",
"matchCriteriaId": "A3DD52CC-C56A-4F62-BE61-BF826104B127",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handled access control instructions (ACIs) that use certificate groups, which allows remote authenticated LDAP users with a certificate group to cause a denial of service (infinite loop and CPU consumption) by binding to the server."
},
{
"lang": "es",
"value": "La funcion acllas__handle_group_entry en servers/plugins/acl/acllas.c en 389 Directory Server anterior a v1.2.10 no maneja adecuadamente las instrucciones de control de acceso (ACIs) que utilizan los grupos de certificados, permitiendo a los usuarios autenticados de LDAP con un certificado de grupo causar una denegaci\u00f3n de servicio (bucle infinito y consumo de CPU) mediante la uni\u00f3n (\"binding\") con el servidor."
}
],
"id": "CVE-2012-0833",
"lastModified": "2024-11-21T01:35:48.653",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-07-03T16:40:31.583",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0813.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48035"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49562"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://fedorahosted.org/389/changeset/1bbbb3e5049c1aa0650546efab87ed2f1ea59637/389-ds-base"
},
{
"source": "secalert@redhat.com",
"url": "https://fedorahosted.org/389/ticket/162"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0813.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://fedorahosted.org/389/changeset/1bbbb3e5049c1aa0650546efab87ed2f1ea59637/389-ds-base"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://fedorahosted.org/389/ticket/162"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-05-13 23:55
Modified
2024-11-21 01:50
Severity ?
Summary
The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE search scope is used, which allows remote attackers to obtain sensitive information outside of the rootDSE via a crafted LDAP search.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE2E9C8D-FFEE-424C-BBA6-42BD4309D18A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F2E9CEF-F30D-4374-A7E2-052102B602A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "16A8729B-B00B-4871-B083-6B10A5034721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6335FA65-9498-40AF-AE2B-034DA2823821",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8CF92ADB-B5B0-43D7-93D8-CBA3AE46EB8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc2:*:*:*:*:*:*",
"matchCriteriaId": "17F8ED59-E27A-4B9B-8BB8-66FAB2B2DCFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc3:*:*:*:*:*:*",
"matchCriteriaId": "4200CEAB-4E14-48C8-9D6F-F86796475019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc4:*:*:*:*:*:*",
"matchCriteriaId": "3179916B-F98C-4D10-82AB-59DCCACBE8DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B44B5289-08BB-4D62-B60D-1BD738472B1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a2:*:*:*:*:*:*",
"matchCriteriaId": "02392BBF-AFAB-4739-BAF6-E930692AB28F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a3:*:*:*:*:*:*",
"matchCriteriaId": "BFF70436-E01E-4912-AC31-B600F5E8CB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a4:*:*:*:*:*:*",
"matchCriteriaId": "360BA51B-B47E-4537-B564-9E628DF4E6EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "987F04BC-75DC-4959-AE32-070F11F9EBC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "078BCE55-90BB-48DE-92D1-9A152338158C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc3:*:*:*:*:*:*",
"matchCriteriaId": "595F5AEE-E4A9-40E0-AF03-69AF689C4916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc6:*:*:*:*:*:*",
"matchCriteriaId": "FED47519-F254-4545-8551-FFBD0B4F9FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc7:*:*:*:*:*:*",
"matchCriteriaId": "A06C0421-74B7-4F9D-9F3A-18BF62BDD4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83F772DF-B8A7-4577-9AC6-3234B8C7FFAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.7:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "60624BFB-BB50-47F9-BB6D-BC92B40988BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "17C879AE-7435-43F5-94E5-A7ED84E46D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "5809DC7B-AC50-4E03-A8FA-6C2C6B67A400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "04FED7B7-7D97-4020-9D5C-A7150B43838C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "6CA6BAB0-4638-4341-8835-E24E58855C37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3C87A154-D750-4A93-B958-478CB17783F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:rc2:*:*:*:*:*:*",
"matchCriteriaId": "762AF16D-D7C3-4444-B8E5-88626D7DCE6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2FF2BE2A-E90A-4336-864A-A76D9B1F0793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7EE57DD6-A59C-4073-8DBB-E8D667E9A206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F65E0F9-731B-48E4-AF46-C8CAAE00820D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B8AD8024-EF26-46B3-80E1-25661A5C538A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2B8B6754-F47D-4E51-BB5E-020B6546D906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.10:alpha8:*:*:*:*:*:*",
"matchCriteriaId": "A3DD52CC-C56A-4F62-BE61-BF826104B127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D820510A-C85F-4F5D-895E-884DB70A409F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5D661F57-BECB-4880-A14F-F9DB3C6659C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1B6E8AC0-9017-4C68-BEA8-AC89642C74A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9BFCE99E-C862-4A32-BFB1-799F835045AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D1DE676D-9EB2-4FBB-B9D8-AFF71345F92D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CCBE4443-C736-4263-BC89-5A8F2ADD81E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8D64150B-1D48-4966-873C-029747495BB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "80F7CCAD-04B1-4BE1-BE61-791C5CA3984E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.8:*:*:*:*:*:*:*",
"matchCriteriaId": "11943F1C-BD6D-4339-A381-5E4A33120383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.9:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAA555B-4F2B-408D-9A4C-1740AFC228DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "60E619C3-7E6D-4235-ACE5-67524CD38AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8ED48D0E-1C9A-4FB8-B54E-F1B121D68045",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9A7DFDE6-7C1F-4AB2-8719-50B44D25620F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F102D5BD-8B5F-47BF-A94C-923F0BEE943E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.14:*:*:*:*:*:*:*",
"matchCriteriaId": "912A37B4-1E3B-40AB-8B63-720F84365843",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.15:*:*:*:*:*:*:*",
"matchCriteriaId": "16C83007-E3C8-40D0-ADAE-E7EE87CCA464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.17:*:*:*:*:*:*:*",
"matchCriteriaId": "608BF64E-4204-4610-B23C-BC206E870F79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.19:*:*:*:*:*:*:*",
"matchCriteriaId": "10315DCC-28D6-400C-92C1-C0AD5E3DDF53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7C7B3AF4-72F4-4242-84A5-1C5096BB42B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "22BA10F4-510E-4D25-9DA6-BC475EEA5F12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3766F68E-448D-4298-B0CE-1A37497984DD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE search scope is used, which allows remote attackers to obtain sensitive information outside of the rootDSE via a crafted LDAP search."
},
{
"lang": "es",
"value": "La funci\u00f3n do_search function en ldap/servers/slapd/search.c en 389 Directory Server 1.2.x anteior a 1.2.11.20 y 1.3.x anterior a 1.3.0.5 no restringe el acceso adecuadamente a las entradas cuando la configuraci\u00f3n nsslapd-allow-anonymous-access est\u00e1 establecida a rootdse y se emplea el \u00e1mbito de b\u00fasqueda BASE, lo que permite a atacantes remotos obtener informaci\u00f3n sensible fuera del rootDSE mediante una b\u00fasqueda LDAP manipulada."
}
],
"id": "CVE-2013-1897",
"lastModified": "2024-11-21T01:50:36.597",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-05-13T23:55:01.717",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101323.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0742.html"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=928105"
},
{
"source": "secalert@redhat.com",
"url": "https://fedorahosted.org/389/ticket/47308"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fedorahosted.org/freeipa/ticket/3540"
},
{
"source": "secalert@redhat.com",
"url": "https://git.fedorahosted.org/cgit/389/ds.git/commit/?h=389-ds-base-1.2.11\u0026id=5a18c828533a670e7143327893f8171a19062286"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101323.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0742.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=928105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://fedorahosted.org/389/ticket/47308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://fedorahosted.org/freeipa/ticket/3540"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.fedorahosted.org/cgit/389/ds.git/commit/?h=389-ds-base-1.2.11\u0026id=5a18c828533a670e7143327893f8171a19062286"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-07-03 16:40
Modified
2024-11-21 01:39
Severity ?
Summary
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5481052-D318-4F67-9567-79157BC716D0",
"versionEndIncluding": "8.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:directory_server:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ABADB3F7-AD65-4E62-BEA5-782539911B6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:directory_server:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E190C97-A279-4EEE-B9C4-1EA888920F80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:directory_server:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D75336B-F1E7-4369-B11D-1B132CA45424",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C3A4C9B-3A48-4B84-9B54-7972E9F21566",
"versionEndIncluding": "1.2.11.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE2E9C8D-FFEE-424C-BBA6-42BD4309D18A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F2E9CEF-F30D-4374-A7E2-052102B602A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "16A8729B-B00B-4871-B083-6B10A5034721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6335FA65-9498-40AF-AE2B-034DA2823821",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8CF92ADB-B5B0-43D7-93D8-CBA3AE46EB8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc2:*:*:*:*:*:*",
"matchCriteriaId": "17F8ED59-E27A-4B9B-8BB8-66FAB2B2DCFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc3:*:*:*:*:*:*",
"matchCriteriaId": "4200CEAB-4E14-48C8-9D6F-F86796475019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc4:*:*:*:*:*:*",
"matchCriteriaId": "3179916B-F98C-4D10-82AB-59DCCACBE8DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B44B5289-08BB-4D62-B60D-1BD738472B1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a2:*:*:*:*:*:*",
"matchCriteriaId": "02392BBF-AFAB-4739-BAF6-E930692AB28F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a3:*:*:*:*:*:*",
"matchCriteriaId": "BFF70436-E01E-4912-AC31-B600F5E8CB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a4:*:*:*:*:*:*",
"matchCriteriaId": "360BA51B-B47E-4537-B564-9E628DF4E6EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "987F04BC-75DC-4959-AE32-070F11F9EBC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "078BCE55-90BB-48DE-92D1-9A152338158C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc3:*:*:*:*:*:*",
"matchCriteriaId": "595F5AEE-E4A9-40E0-AF03-69AF689C4916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc6:*:*:*:*:*:*",
"matchCriteriaId": "FED47519-F254-4545-8551-FFBD0B4F9FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc7:*:*:*:*:*:*",
"matchCriteriaId": "A06C0421-74B7-4F9D-9F3A-18BF62BDD4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83F772DF-B8A7-4577-9AC6-3234B8C7FFAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.7:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "60624BFB-BB50-47F9-BB6D-BC92B40988BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "17C879AE-7435-43F5-94E5-A7ED84E46D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "5809DC7B-AC50-4E03-A8FA-6C2C6B67A400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "04FED7B7-7D97-4020-9D5C-A7150B43838C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "6CA6BAB0-4638-4341-8835-E24E58855C37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3C87A154-D750-4A93-B958-478CB17783F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:rc2:*:*:*:*:*:*",
"matchCriteriaId": "762AF16D-D7C3-4444-B8E5-88626D7DCE6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2FF2BE2A-E90A-4336-864A-A76D9B1F0793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7EE57DD6-A59C-4073-8DBB-E8D667E9A206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F65E0F9-731B-48E4-AF46-C8CAAE00820D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B8AD8024-EF26-46B3-80E1-25661A5C538A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.10:alpha8:*:*:*:*:*:*",
"matchCriteriaId": "A3DD52CC-C56A-4F62-BE61-BF826104B127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D820510A-C85F-4F5D-895E-884DB70A409F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E6CA2089-F7DF-418B-BFAC-AACA7784EB03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5D661F57-BECB-4880-A14F-F9DB3C6659C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1B6E8AC0-9017-4C68-BEA8-AC89642C74A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9BFCE99E-C862-4A32-BFB1-799F835045AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "49A97D83-D0D8-4596-BEA0-825B13B60ADB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CCBE4443-C736-4263-BC89-5A8F2ADD81E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password."
},
{
"lang": "es",
"value": "\"389 Directory Server\" antes de v1.2.11.6 (tambi\u00e9n conocido como Red Hat Directory Server antes de v8.2.10-3), cuando la contrase\u00f1a de un usuario de LDAP ha cambiado y el registro de auditor\u00eda est\u00e1 habilitada, guarda la nueva contrase\u00f1a para el registro en texto plano, lo que permite leer la contrase\u00f1a a usuarios remotos autenticados."
}
],
"id": "CVE-2012-2746",
"lastModified": "2024-11-21T01:39:33.607",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-07-03T16:40:34.537",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://directory.fedoraproject.org/wiki/Release_Notes"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0997.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1041.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49734"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/83329"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/54153"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=833482"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76595"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fedorahosted.org/389/ticket/365"
},
{
"source": "secalert@redhat.com",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083"
},
{
"source": "secalert@redhat.com",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19241"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://directory.fedoraproject.org/wiki/Release_Notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0997.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1041.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/83329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/54153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=833482"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76595"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://fedorahosted.org/389/ticket/365"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19241"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-30 12:29
Modified
2024-11-21 03:23
Severity ?
3.7 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap memory read, possibly triggering a crash of the LDAP service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://www.securityfocus.com/bid/95670 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2591 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://pagure.io/389-ds-base/issue/48986 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95670 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2591 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pagure.io/389-ds-base/issue/48986 | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | 389_directory_server | * | |
| redhat | enterprise_linux | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C32AFB8-385C-43D2-A22B-CC6E3B8AAE3B",
"versionEndExcluding": "1.3.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the \"attribute uniqueness\" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap memory read, possibly triggering a crash of the LDAP service."
},
{
"lang": "es",
"value": "389-ds-base, en versiones anteriores a la 1.3.6, es vulnerable a un array terminado indebidamente en NULL en la funci\u00f3n uniqueness_entry_to_config() en el plugin \"attribute uniqueness\" de 389 Directory Server. Un atacante autenticado o, posiblemente, sin autenticar, podr\u00eda emplear este error para forzar una lectura fuera de l\u00edmites de la memoria din\u00e1mica (heap), desencadenando un cierre inesperado del servicio LDAP."
}
],
"id": "CVE-2017-2591",
"lastModified": "2024-11-21T03:23:47.293",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-30T12:29:00.220",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95670"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2591"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://pagure.io/389-ds-base/issue/48986"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95670"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2591"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://pagure.io/389-ds-base/issue/48986"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-04 20:29
Modified
2024-11-21 01:24
Severity ?
Summary
389 Directory Server 1.2.7.5, when built with mozldap, allows remote attackers to cause a denial of service (replica crash) by sending an empty modify request.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=675320 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=676876 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=675320 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=676876 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | 389_directory_server | 1.2.7.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "17C879AE-7435-43F5-94E5-A7ED84E46D0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "389 Directory Server 1.2.7.5, when built with mozldap, allows remote attackers to cause a denial of service (replica crash) by sending an empty modify request."
},
{
"lang": "es",
"value": "389 Directory Server 1.2.7.5, cuando se incluye con mozldap, permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (cierre inesperado de replica) mediante el env\u00edo de una petici\u00f3n modify vac\u00eda."
}
],
"id": "CVE-2011-0704",
"lastModified": "2024-11-21T01:24:39.247",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-04T20:29:00.267",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=675320"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=676876"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=675320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=676876"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-02-23 19:00
Modified
2024-11-21 01:23
Severity ?
Summary
The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary process termination) by replacing PID files contained in this directory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | 389_directory_server | 1.2.1 | |
| fedoraproject | 389_directory_server | 1.2.2 | |
| fedoraproject | 389_directory_server | 1.2.3 | |
| fedoraproject | 389_directory_server | 1.2.5 | |
| fedoraproject | 389_directory_server | 1.2.5 | |
| fedoraproject | 389_directory_server | 1.2.5 | |
| fedoraproject | 389_directory_server | 1.2.5 | |
| fedoraproject | 389_directory_server | 1.2.5 | |
| fedoraproject | 389_directory_server | 1.2.6 | |
| fedoraproject | 389_directory_server | 1.2.6 | |
| fedoraproject | 389_directory_server | 1.2.6 | |
| fedoraproject | 389_directory_server | 1.2.6 | |
| fedoraproject | 389_directory_server | 1.2.6 | |
| fedoraproject | 389_directory_server | 1.2.6 | |
| fedoraproject | 389_directory_server | 1.2.6 | |
| fedoraproject | 389_directory_server | 1.2.6 | |
| fedoraproject | 389_directory_server | 1.2.6 | |
| fedoraproject | 389_directory_server | 1.2.6.1 | |
| fedoraproject | 389_directory_server | 1.2.7 | |
| fedoraproject | 389_directory_server | 1.2.7.5 | |
| fedoraproject | 389_directory_server | 1.2.8 | |
| fedoraproject | 389_directory_server | 1.2.8 | |
| redhat | directory_server | 8.2 | |
| redhat | directory_server | 8.2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE2E9C8D-FFEE-424C-BBA6-42BD4309D18A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F2E9CEF-F30D-4374-A7E2-052102B602A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "16A8729B-B00B-4871-B083-6B10A5034721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6335FA65-9498-40AF-AE2B-034DA2823821",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8CF92ADB-B5B0-43D7-93D8-CBA3AE46EB8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc2:*:*:*:*:*:*",
"matchCriteriaId": "17F8ED59-E27A-4B9B-8BB8-66FAB2B2DCFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc3:*:*:*:*:*:*",
"matchCriteriaId": "4200CEAB-4E14-48C8-9D6F-F86796475019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc4:*:*:*:*:*:*",
"matchCriteriaId": "3179916B-F98C-4D10-82AB-59DCCACBE8DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B44B5289-08BB-4D62-B60D-1BD738472B1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a2:*:*:*:*:*:*",
"matchCriteriaId": "02392BBF-AFAB-4739-BAF6-E930692AB28F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a3:*:*:*:*:*:*",
"matchCriteriaId": "BFF70436-E01E-4912-AC31-B600F5E8CB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a4:*:*:*:*:*:*",
"matchCriteriaId": "360BA51B-B47E-4537-B564-9E628DF4E6EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "987F04BC-75DC-4959-AE32-070F11F9EBC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "078BCE55-90BB-48DE-92D1-9A152338158C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc3:*:*:*:*:*:*",
"matchCriteriaId": "595F5AEE-E4A9-40E0-AF03-69AF689C4916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc6:*:*:*:*:*:*",
"matchCriteriaId": "FED47519-F254-4545-8551-FFBD0B4F9FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc7:*:*:*:*:*:*",
"matchCriteriaId": "A06C0421-74B7-4F9D-9F3A-18BF62BDD4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83F772DF-B8A7-4577-9AC6-3234B8C7FFAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.7:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "60624BFB-BB50-47F9-BB6D-BC92B40988BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "17C879AE-7435-43F5-94E5-A7ED84E46D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "5809DC7B-AC50-4E03-A8FA-6C2C6B67A400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "04FED7B7-7D97-4020-9D5C-A7150B43838C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:directory_server:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC61481-16C5-44EF-AA40-8423A40B2581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:directory_server:8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C92B4226-6D3D-4430-A753-92E828FBBB8C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary process termination) by replacing PID files contained in this directory."
},
{
"lang": "es",
"value": "Las secuencias de comandos de configuraci\u00f3n en 389 Directory Server v1.2.x (tambi\u00e9n conocido como Red Hat Directory Server 8.2.x)), cuando varias instancias sin privilegios est\u00e1n configuradas, usa permisos 0777 para el directorio /var/run/dirsrv, que permite a usuarios locales provocar una denegaci\u00f3n de servicios (fallo de demonio o terminaci\u00f3n de procesos de su elecci\u00f3n) mediante la sustituci\u00f3n de los archivos PID contenidos en este directorio."
}
],
"id": "CVE-2011-0022",
"lastModified": "2024-11-21T01:23:08.587",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.7,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-02-23T19:00:01.813",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0293.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/46489"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1025102"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=671199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0293.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/46489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1025102"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=671199"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-17 14:29
Modified
2024-11-21 04:42
Severity ?
Summary
In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | 389_directory_server | * | |
| debian | debian_linux | 8.0 | |
| redhat | enterprise_linux | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3404A8FB-F784-425E-9BAA-8C65E5252A38",
"versionEndIncluding": "1.4.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most \u0027ioblocktimeout\u0027 seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service."
},
{
"lang": "es",
"value": "En 389-ds-base hasta la versi\u00f3n 1.4.1.2, las peticiones son manejadas por hilos de trabajo. Cada conexi\u00f3n ser\u00e1 esperada mediante el trabajador durante un m\u00e1ximo de segundos de \u0027ioblocktimeout\u0027. Sin embargo, este tiempo de espera se aplica solo para peticiones sin cifrar. Las conexiones que usan SSL/TLS no toman en cuenta este tiempo de espera durante l"
}
],
"id": "CVE-2019-3883",
"lastModified": "2024-11-21T04:42:47.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "secalert@redhat.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-17T14:29:03.620",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1896"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3401"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3883"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00008.html"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://pagure.io/389-ds-base/issue/50329"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://pagure.io/389-ds-base/pull-request/50331"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1896"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3401"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3883"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://pagure.io/389-ds-base/issue/50329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://pagure.io/389-ds-base/pull-request/50331"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-772"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-772"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-02-23 19:00
Modified
2024-11-21 01:23
Severity ?
Summary
slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Directory Server 8.2.x or dirsrv) does not properly handle simple paged result searches, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via multiple search requests.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | 389_directory_server | 1.2.7.5 | |
| redhat | directory_server | 8.2 | |
| redhat | directory_server | 8.2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "17C879AE-7435-43F5-94E5-A7ED84E46D0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:directory_server:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC61481-16C5-44EF-AA40-8423A40B2581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:directory_server:8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C92B4226-6D3D-4430-A753-92E828FBBB8C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Directory Server 8.2.x or dirsrv) does not properly handle simple paged result searches, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via multiple search requests."
},
{
"lang": "es",
"value": "slapd (tambi\u00e9n conocido como ns-slapd) en 389 Directory Server v1.2.7.5 (tambi\u00e9n conocido como Red Hat Directory Server v8.2.x o dirsrv) no gestiona correctamente las consultas paginadas simples, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de demonio) o posiblemente tengan un impacto no especificado a trav\u00e9s de peticiones de b\u00fasqueda m\u00faltiples."
}
],
"id": "CVE-2011-0019",
"lastModified": "2024-11-21T01:23:08.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-02-23T19:00:01.670",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0293.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/46489"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1025102"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=666076"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=670914"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0293.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/46489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1025102"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=666076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=670914"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-22 13:29
Modified
2024-11-21 03:23
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | 389_directory_server | * | |
| fedoraproject | 389_directory_server | * | |
| redhat | enterprise_linux_desktop | 6.0 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_server | 6.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_workstation | 6.0 | |
| redhat | enterprise_linux_workstation | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D834E7AF-34D0-47D2-8556-C32E22FBA651",
"versionEndExcluding": "1.3.5.17",
"versionStartIncluding": "1.3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77128973-2750-48DC-9F5D-FD62B15AA106",
"versionEndExcluding": "1.3.6.10",
"versionStartIncluding": "1.3.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service."
},
{
"lang": "es",
"value": "389-ds-base en versiones anteriores a la 1.3.5.17 y 1.3.6.10 es vulnerable a una desreferencia de puntero inv\u00e1lido en la forma en la que se gestionan las peticiones LDAP. Un atacante remoto no autenticado podr\u00eda emplear este error para hacer que ns-slapd se cierre inesperadamente mediante una petici\u00f3n bind LDAP especialmente manipulada que resulta en una denegaci\u00f3n de servicio (DoS)."
}
],
"id": "CVE-2017-2668",
"lastModified": "2024-11-21T03:23:56.440",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-22T13:29:00.213",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97524"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0893"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0920"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2668"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://pagure.io/389-ds-base/issue/49220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0893"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0920"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2668"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://pagure.io/389-ds-base/issue/49220"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-10-01 03:26
Modified
2024-11-21 01:42
Severity ?
Summary
389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | 389_directory_server | 1.2.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2B8B6754-F47D-4E51-BB5E-020B6546D906",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry."
},
{
"lang": "es",
"value": "389 Directory Server v1.2.10 no actualiza correctamente las ACL cuando una entrada DN es movida por una operaci\u00f3n modrdn, lo que permite a usuarios autenticados con ciertos permisos, evitar restricciones ACL y de acceso a entrada DN."
}
],
"id": "CVE-2012-4450",
"lastModified": "2024-11-21T01:42:55.363",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-10-01T03:26:16.540",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://git.fedorahosted.org/cgit/389/ds.git/commit/?id=5beb93d42efb807838c09c5fab898876876f8d09"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0503.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50713"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/09/26/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/09/26/5"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/55690"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=860772"
},
{
"source": "secalert@redhat.com",
"url": "https://fedorahosted.org/389/ticket/340"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://git.fedorahosted.org/cgit/389/ds.git/commit/?id=5beb93d42efb807838c09c5fab898876876f8d09"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0503.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50713"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/09/26/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/09/26/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/55690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=860772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://fedorahosted.org/389/ticket/340"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-14 19:29
Modified
2024-11-21 03:49
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:2757 | Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14638 | Issue Tracking, Mitigation, Third Party Advisory | |
| secalert@redhat.com | https://pagure.io/389-ds-base/c/78fc627accacfa4061ce48977e22301f81ea8d73 | Issue Tracking, Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:2757 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14638 | Issue Tracking, Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pagure.io/389-ds-base/c/78fc627accacfa4061ce48977e22301f81ea8d73 | Issue Tracking, Mitigation, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | 389_directory_server | * | |
| redhat | enterprise_linux_aus | 7.6 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_server_eus | 7.5 | |
| redhat | enterprise_linux_server_eus | 7.6 | |
| redhat | enterprise_linux_server_tus | 7.6 | |
| redhat | enterprise_linux_workstation | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "155206B3-2824-4A7F-99AD-31C4FE7C24FD",
"versionEndExcluding": "1.3.8.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "24E8D7FF-8269-4EDA-8DCB-7AF37673CD87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en versiones anteriores a la 1.3.8.4-13 de 389-ds-base. El proceso ns-slapd se cierra inesperadamente en la funci\u00f3n delete_passwdPolicy cuando las conexiones de b\u00fasqueda persistente se terminan inesperadamente, lo que conduce a una denegaci\u00f3n de servicio (DoS) remota."
}
],
"id": "CVE-2018-14638",
"lastModified": "2024-11-21T03:49:29.113",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-14T19:29:00.280",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2757"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14638"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory"
],
"url": "https://pagure.io/389-ds-base/c/78fc627accacfa4061ce48977e22301f81ea8d73"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14638"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory"
],
"url": "https://pagure.io/389-ds-base/c/78fc627accacfa4061ce48977e22301f81ea8d73"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-415"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-02-23 19:00
Modified
2024-11-21 01:24
Severity ?
Summary
The (1) backup and restore scripts, (2) main initialization script, and (3) ldap-agent script in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x) place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | 389_directory_server | 1.2.1 | |
| fedoraproject | 389_directory_server | 1.2.2 | |
| fedoraproject | 389_directory_server | 1.2.3 | |
| fedoraproject | 389_directory_server | 1.2.5 | |
| fedoraproject | 389_directory_server | 1.2.5 | |
| fedoraproject | 389_directory_server | 1.2.5 | |
| fedoraproject | 389_directory_server | 1.2.5 | |
| fedoraproject | 389_directory_server | 1.2.5 | |
| fedoraproject | 389_directory_server | 1.2.6 | |
| fedoraproject | 389_directory_server | 1.2.6 | |
| fedoraproject | 389_directory_server | 1.2.6 | |
| fedoraproject | 389_directory_server | 1.2.6 | |
| fedoraproject | 389_directory_server | 1.2.6 | |
| fedoraproject | 389_directory_server | 1.2.6 | |
| fedoraproject | 389_directory_server | 1.2.6 | |
| fedoraproject | 389_directory_server | 1.2.6 | |
| fedoraproject | 389_directory_server | 1.2.6 | |
| fedoraproject | 389_directory_server | 1.2.6.1 | |
| fedoraproject | 389_directory_server | 1.2.7 | |
| fedoraproject | 389_directory_server | 1.2.7.5 | |
| fedoraproject | 389_directory_server | 1.2.8 | |
| fedoraproject | 389_directory_server | 1.2.8 | |
| redhat | directory_server | 8.2 | |
| redhat | directory_server | 8.2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE2E9C8D-FFEE-424C-BBA6-42BD4309D18A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F2E9CEF-F30D-4374-A7E2-052102B602A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "16A8729B-B00B-4871-B083-6B10A5034721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6335FA65-9498-40AF-AE2B-034DA2823821",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8CF92ADB-B5B0-43D7-93D8-CBA3AE46EB8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc2:*:*:*:*:*:*",
"matchCriteriaId": "17F8ED59-E27A-4B9B-8BB8-66FAB2B2DCFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc3:*:*:*:*:*:*",
"matchCriteriaId": "4200CEAB-4E14-48C8-9D6F-F86796475019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc4:*:*:*:*:*:*",
"matchCriteriaId": "3179916B-F98C-4D10-82AB-59DCCACBE8DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B44B5289-08BB-4D62-B60D-1BD738472B1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a2:*:*:*:*:*:*",
"matchCriteriaId": "02392BBF-AFAB-4739-BAF6-E930692AB28F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a3:*:*:*:*:*:*",
"matchCriteriaId": "BFF70436-E01E-4912-AC31-B600F5E8CB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a4:*:*:*:*:*:*",
"matchCriteriaId": "360BA51B-B47E-4537-B564-9E628DF4E6EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "987F04BC-75DC-4959-AE32-070F11F9EBC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "078BCE55-90BB-48DE-92D1-9A152338158C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc3:*:*:*:*:*:*",
"matchCriteriaId": "595F5AEE-E4A9-40E0-AF03-69AF689C4916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc6:*:*:*:*:*:*",
"matchCriteriaId": "FED47519-F254-4545-8551-FFBD0B4F9FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc7:*:*:*:*:*:*",
"matchCriteriaId": "A06C0421-74B7-4F9D-9F3A-18BF62BDD4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83F772DF-B8A7-4577-9AC6-3234B8C7FFAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.7:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "60624BFB-BB50-47F9-BB6D-BC92B40988BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "17C879AE-7435-43F5-94E5-A7ED84E46D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "5809DC7B-AC50-4E03-A8FA-6C2C6B67A400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "04FED7B7-7D97-4020-9D5C-A7150B43838C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:directory_server:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC61481-16C5-44EF-AA40-8423A40B2581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:directory_server:8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C92B4226-6D3D-4430-A753-92E828FBBB8C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) backup and restore scripts, (2) main initialization script, and (3) ldap-agent script in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x) place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory."
},
{
"lang": "es",
"value": "Las secuencias de comandos de (1) copia de seguridad y restauraci\u00f3n (2) inicializaci\u00f3n principal, y (3) ldap-agente en 389 Directory Server v1.2.x (tambi\u00e9n conocido como Red Hat Directory Server v8.2.x) pone un nombre de directorio con longitud cero en LD_LIBRARY_PATH, lo que permite a usuarios locales conseguir privilegios a trav\u00e9s de un troyano en una librer\u00eda compartida en el directorio de trabajo actual."
}
],
"id": "CVE-2011-0532",
"lastModified": "2024-11-21T01:24:13.983",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-02-23T19:00:01.967",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0293.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/46489"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1025102"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=672468"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65637"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0293.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/46489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1025102"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=672468"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65637"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-01 22:29
Modified
2024-11-21 03:14
Severity ?
Summary
A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | 389_directory_server | * | |
| fedoraproject | 389_directory_server | * | |
| fedoraproject | 389_directory_server | * | |
| redhat | enterprise_linux | 7.4 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_server | 7.4 | |
| redhat | enterprise_linux_workstation | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "565E7C1C-4D37-4ECA-8875-86224B5F3854",
"versionEndExcluding": "1.3.6.13",
"versionStartIncluding": "1.3.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A10FA2A-2A2A-48EC-86A9-CD2A3A6F1892",
"versionEndExcluding": "1.3.7.9",
"versionStartIncluding": "1.3.7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDACC20A-32B4-4E80-BE6E-89F72EA705B9",
"versionEndExcluding": "1.4.0.5",
"versionStartIncluding": "1.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "041F9200-4C01-4187-AE34-240E8277B54D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DA4AB18C-40FC-4E48-830D-481A97B34256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service."
},
{
"lang": "es",
"value": "Se ha encontrado un error de desbordamiento de b\u00fafer basado en pila en la forma en la que 389-ds-base, en versiones 1.3.6.x anteriores a la 1.3.6.13, versiones 1.3.7.x anteriores a la 1.3.7.9 y versiones 1.4.x anteriores a la 1.4.0.5, gestionaba ciertos filtros de b\u00fasqueda LDAP. Un atacante remoto no autenticado podr\u00eda emplear este error para hacer que ns-slapd se cierre inesperadamente mediante una petici\u00f3n LDAP especialmente manipulada que resulta en una denegaci\u00f3n de servicio (DoS)."
}
],
"id": "CVE-2017-15134",
"lastModified": "2024-11-21T03:14:08.347",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-01T22:29:00.237",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102790"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0163"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531573"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://pagure.io/389-ds-base/c/6aa2acdc3cad9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0163"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531573"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://pagure.io/389-ds-base/c/6aa2acdc3cad9"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-02 14:15
Modified
2024-11-21 04:18
Severity ?
Summary
It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. An attacker would still be able to provoke excessive CPU consumption leading to a denial of service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10171 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10171 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | 389_directory_server | * | |
| redhat | enterprise_linux_server_eus | 7.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A9EE6A0-E152-4032-B4B3-21C848652685",
"versionEndExcluding": "1.4.0.17",
"versionStartIncluding": "1.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. An attacker would still be able to provoke excessive CPU consumption leading to a denial of service."
},
{
"lang": "es",
"value": "Se detect\u00f3 que la correcci\u00f3n para el CVE-2018-14648 en 389-ds-base, versiones 1.4.0.x anteriores a 1.4.0.17, se aplic\u00f3 incorrectamente en RHEL versi\u00f3n 7.5. Un atacante podr\u00eda a\u00fan ser capaz de provocar un consumo excesivo de CPU conllevando a una denegaci\u00f3n de servicio."
}
],
"id": "CVE-2019-10171",
"lastModified": "2024-11-21T04:18:34.347",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-02T14:15:14.067",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10171"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10171"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-07-31 13:20
Modified
2024-11-21 01:51
Severity ?
Summary
The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | 389_directory_server | - | |
| redhat | directory_server | * | |
| redhat | directory_server | 7.1 | |
| redhat | directory_server | 8.0 | |
| redhat | directory_server | 8.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65E209CD-4A5F-48F1-BA57-3145757D2C23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5481052-D318-4F67-9567-79157BC716D0",
"versionEndIncluding": "8.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:directory_server:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ABADB3F7-AD65-4E62-BEA5-782539911B6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:directory_server:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E190C97-A279-4EEE-B9C4-1EA888920F80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:directory_server:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D75336B-F1E7-4369-B11D-1B132CA45424",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute."
},
{
"lang": "es",
"value": "El Red Hat Directory Server 8.2.11-13 y 389 Directory Server, no restringe adecuadamente los atributos de entidad, lo que permite a usuarios autenticados remotamente obtener informaci\u00f3n sensible a trav\u00e9s de una consulta de b\u00fasqueda hacia ese atributo."
}
],
"id": "CVE-2013-2219",
"lastModified": "2024-11-21T01:51:16.293",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-07-31T13:20:25.577",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1116.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1119.html"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=979508"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1116.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1119.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=979508"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-08-21 14:55
Modified
2024-11-21 02:08
Severity ?
Summary
Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE2E9C8D-FFEE-424C-BBA6-42BD4309D18A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F2E9CEF-F30D-4374-A7E2-052102B602A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "16A8729B-B00B-4871-B083-6B10A5034721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6335FA65-9498-40AF-AE2B-034DA2823821",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8CF92ADB-B5B0-43D7-93D8-CBA3AE46EB8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc2:*:*:*:*:*:*",
"matchCriteriaId": "17F8ED59-E27A-4B9B-8BB8-66FAB2B2DCFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc3:*:*:*:*:*:*",
"matchCriteriaId": "4200CEAB-4E14-48C8-9D6F-F86796475019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc4:*:*:*:*:*:*",
"matchCriteriaId": "3179916B-F98C-4D10-82AB-59DCCACBE8DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B44B5289-08BB-4D62-B60D-1BD738472B1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a2:*:*:*:*:*:*",
"matchCriteriaId": "02392BBF-AFAB-4739-BAF6-E930692AB28F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a3:*:*:*:*:*:*",
"matchCriteriaId": "BFF70436-E01E-4912-AC31-B600F5E8CB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a4:*:*:*:*:*:*",
"matchCriteriaId": "360BA51B-B47E-4537-B564-9E628DF4E6EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "987F04BC-75DC-4959-AE32-070F11F9EBC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "078BCE55-90BB-48DE-92D1-9A152338158C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc3:*:*:*:*:*:*",
"matchCriteriaId": "595F5AEE-E4A9-40E0-AF03-69AF689C4916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc6:*:*:*:*:*:*",
"matchCriteriaId": "FED47519-F254-4545-8551-FFBD0B4F9FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc7:*:*:*:*:*:*",
"matchCriteriaId": "A06C0421-74B7-4F9D-9F3A-18BF62BDD4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83F772DF-B8A7-4577-9AC6-3234B8C7FFAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.7:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "60624BFB-BB50-47F9-BB6D-BC92B40988BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "17C879AE-7435-43F5-94E5-A7ED84E46D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "5809DC7B-AC50-4E03-A8FA-6C2C6B67A400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "04FED7B7-7D97-4020-9D5C-A7150B43838C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "6CA6BAB0-4638-4341-8835-E24E58855C37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3C87A154-D750-4A93-B958-478CB17783F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:rc2:*:*:*:*:*:*",
"matchCriteriaId": "762AF16D-D7C3-4444-B8E5-88626D7DCE6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2FF2BE2A-E90A-4336-864A-A76D9B1F0793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7EE57DD6-A59C-4073-8DBB-E8D667E9A206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F65E0F9-731B-48E4-AF46-C8CAAE00820D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B8AD8024-EF26-46B3-80E1-25661A5C538A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2B8B6754-F47D-4E51-BB5E-020B6546D906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.10:alpha8:*:*:*:*:*:*",
"matchCriteriaId": "A3DD52CC-C56A-4F62-BE61-BF826104B127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D820510A-C85F-4F5D-895E-884DB70A409F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5D661F57-BECB-4880-A14F-F9DB3C6659C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1B6E8AC0-9017-4C68-BEA8-AC89642C74A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9BFCE99E-C862-4A32-BFB1-799F835045AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D1DE676D-9EB2-4FBB-B9D8-AFF71345F92D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CCBE4443-C736-4263-BC89-5A8F2ADD81E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8D64150B-1D48-4966-873C-029747495BB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "80F7CCAD-04B1-4BE1-BE61-791C5CA3984E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.8:*:*:*:*:*:*:*",
"matchCriteriaId": "11943F1C-BD6D-4339-A381-5E4A33120383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.9:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAA555B-4F2B-408D-9A4C-1740AFC228DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "60E619C3-7E6D-4235-ACE5-67524CD38AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8ED48D0E-1C9A-4FB8-B54E-F1B121D68045",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9A7DFDE6-7C1F-4AB2-8719-50B44D25620F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F102D5BD-8B5F-47BF-A94C-923F0BEE943E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.14:*:*:*:*:*:*:*",
"matchCriteriaId": "912A37B4-1E3B-40AB-8B63-720F84365843",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.15:*:*:*:*:*:*:*",
"matchCriteriaId": "16C83007-E3C8-40D0-ADAE-E7EE87CCA464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.17:*:*:*:*:*:*:*",
"matchCriteriaId": "608BF64E-4204-4610-B23C-BC206E870F79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.19:*:*:*:*:*:*:*",
"matchCriteriaId": "10315DCC-28D6-400C-92C1-C0AD5E3DDF53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE13693-1A6B-4A2A-AF64-F76FA0A3EBA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.21:*:*:*:*:*:*:*",
"matchCriteriaId": "83A5B6F2-DCD1-49D4-92FC-303A960542C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.22:*:*:*:*:*:*:*",
"matchCriteriaId": "304EAF1A-3163-4184-B3FC-0B641BA1FC03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.23:*:*:*:*:*:*:*",
"matchCriteriaId": "49F8893E-7087-4874-9D39-6238317CB6B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.25:*:*:*:*:*:*:*",
"matchCriteriaId": "2145BE75-1513-47D5-865A-C56D5A93541C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.26:*:*:*:*:*:*:*",
"matchCriteriaId": "0C9144FC-CAA0-4433-A096-E42A1C3B2A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7C7B3AF4-72F4-4242-84A5-1C5096BB42B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "22BA10F4-510E-4D25-9DA6-BC475EEA5F12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3766F68E-448D-4298-B0CE-1A37497984DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "70105BE3-6F4F-41FB-9CAB-8990A4FAC475",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "028A3ADC-1C62-4233-8FE6-C54B65C6855D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "513E1F97-C0C8-49D7-8CC0-5CD6D258A956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF2940A-5375-4EB0-87B0-9DC3467DE5E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:directory_server:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E190C97-A279-4EEE-B9C4-1EA888920F80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory."
},
{
"lang": "es",
"value": "Red Hat Directory Server 8 y 389 Directory Server, cuando depuraci\u00f3n est\u00e1 habilitada, permite a atacantes remotos obtener metadatos replicados sensibles mediante la b\u00fasqueda del directorio."
}
],
"id": "CVE-2014-3562",
"lastModified": "2024-11-21T02:08:22.607",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-08-21T14:55:04.993",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1031.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1032.html"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1123477"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1123477"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-08 15:15
Modified
2024-11-21 04:27
Severity ?
Summary
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | 389_directory_server | - | |
| redhat | enterprise_linux | 7.0 | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65E209CD-4A5F-48F1-BA57-3145757D2C23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the \u0027deref\u0027 plugin of 389-ds-base where it could use the \u0027search\u0027 permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes."
},
{
"lang": "es",
"value": "Se detect\u00f3 un fallo en el plugin \"deref\" de 389-ds-base, donde podr\u00eda usar el permiso \"search\" para mostrar los valores de los atributos. En algunas configuraciones, esto podr\u00eda permitir a un atacante autenticado visualizar atributos privados, tales como hashes de contrase\u00f1as."
}
],
"id": "CVE-2019-14824",
"lastModified": "2024-11-21T04:27:26.460",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-08T15:15:11.563",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3981"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0464"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14824"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00036.html"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3981"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0464"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14824"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00036.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-13 20:29
Modified
2024-11-21 03:42
Severity ?
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | 389_directory_server | * | |
| debian | debian_linux | 8.0 | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_server_aus | 7.6 | |
| redhat | enterprise_linux_server_eus | 7.5 | |
| redhat | enterprise_linux_server_eus | 7.6 | |
| redhat | enterprise_linux_server_tus | 7.6 | |
| redhat | enterprise_linux_workstation | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E8025E9-2BFF-45C2-AA8F-AEBF407409B1",
"versionEndExcluding": "1.4.0.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service."
},
{
"lang": "es",
"value": "389-ds-base en versiones anteriores a la 1.4.0.10 y 1.3.8.3 es vulnerable a una condici\u00f3n de carrera por la forma en la que 389-ds-base gestiona las b\u00fasquedas persistentes. Esto resulta en un cierre inesperado si el servidor est\u00e1 bajo carga. Un atacante an\u00f3nimo podr\u00eda explotar este error para provocar una denegaci\u00f3n de servicio (DoS)."
}
],
"id": "CVE-2018-10850",
"lastModified": "2024-11-21T03:42:08.267",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-13T20:29:00.277",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2757"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10850"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://pagure.io/389-ds-base/c/8f04487f99a"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://pagure.io/389-ds-base/issue/49768"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10850"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://pagure.io/389-ds-base/c/8f04487f99a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://pagure.io/389-ds-base/issue/49768"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-07 13:29
Modified
2024-11-21 03:59
Severity ?
Summary
An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | 389_directory_server | * | |
| redhat | enterprise_linux_desktop | 6.0 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_server | 6.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_server | 7.4 | |
| redhat | enterprise_linux_workstation | 6.0 | |
| redhat | enterprise_linux_workstation | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C00710C4-7B13-46C2-A0FA-CC53EEF222E3",
"versionEndIncluding": "1.4.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DA4AB18C-40FC-4E48-830D-481A97B34256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service."
},
{
"lang": "es",
"value": "Se ha encontrado un error de lectura de memoria fuera de l\u00edmites en la forma en la que 389-ds-base gestionaba ciertos filtros de b\u00fasqueda LDAP, que afecta a todas las versiones 1.4.x. Un atacante remoto no autenticado podr\u00eda emplear este error para hacer que ns-slapd se cierre inesperadamente mediante una petici\u00f3n LDAP especialmente manipulada que resulta en una denegaci\u00f3n de servicio (DoS)."
}
],
"id": "CVE-2018-1054",
"lastModified": "2024-11-21T03:59:04.840",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-07T13:29:00.257",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103228"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0414"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0515"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1537314"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pagure.io/389-ds-base/issue/49545"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0515"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1537314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pagure.io/389-ds-base/issue/49545"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-09 15:29
Modified
2024-11-21 03:59
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | 389_directory_server | * | |
| fedoraproject | 389_directory_server | * | |
| fedoraproject | 389_directory_server | 1.3.8.1 | |
| fedoraproject | 389_directory_server | 1.3.8.2 | |
| redhat | enterprise_linux_desktop | 6.0 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_server | 6.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_workstation | 6.0 | |
| redhat | enterprise_linux_workstation | 7.0 | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43F15164-D34C-4AD1-8C42-B204EB522574",
"versionEndExcluding": "1.3.6.15",
"versionStartIncluding": "1.3.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6EB395-08A3-4CA3-B2A4-D87364DC66CA",
"versionEndExcluding": "1.4.0.9",
"versionStartIncluding": "1.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D28C4335-E0E9-4676-962B-8CAA5CAADA51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "67C6EA7B-CCE7-41F9-B536-F863850D2BDD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service."
},
{
"lang": "es",
"value": "389-ds-base en versiones anteriores a la 1.4.0.9, 1.3.8.1 y 1.3.6.15 no gestion\u00f3 correctamente los filtros de b\u00fasqueda largos con caracteres que necesitan escapado. Esto podr\u00eda conducir a desbordamientos de b\u00fafer. Un atacante remoto no autenticado podr\u00eda emplear este error para hacer que ns-slapd se cierre inesperadamente mediante una petici\u00f3n LDAP especialmente manipulada que resulta en una denegaci\u00f3n de servicio (DoS)."
}
],
"id": "CVE-2018-1089",
"lastModified": "2024-11-21T03:59:09.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-09T15:29:00.207",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104137"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1364"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1380"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1089"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104137"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1364"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1380"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1089"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-11-23 11:55
Modified
2024-11-21 01:55
Severity ?
Summary
389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | enterprise_linux | 6.0 | |
| fedoraproject | 389_directory_server | 1.2.11.15 | |
| redhat | directory_server | * | |
| redhat | directory_server | 7.1 | |
| redhat | directory_server | 8.0 | |
| redhat | directory_server | 8.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.15:*:*:*:*:*:*:*",
"matchCriteriaId": "16C83007-E3C8-40D0-ADAE-E7EE87CCA464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5481052-D318-4F67-9567-79157BC716D0",
"versionEndIncluding": "8.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:directory_server:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ABADB3F7-AD65-4E62-BEA5-782539911B6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:directory_server:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E190C97-A279-4EEE-B9C4-1EA888920F80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:directory_server:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D75336B-F1E7-4369-B11D-1B132CA45424",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request."
},
{
"lang": "es",
"value": "389 Directory Server 1.2.11.15 (tambi\u00e9n conocido como Red Hat Directory Server anterior a la versi\u00f3n 8.2.11-14) permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de m\u00faltiples caracteres @ en una lista de atributo GER de una petici\u00f3n de b\u00fasqueda."
}
],
"id": "CVE-2013-4485",
"lastModified": "2024-11-21T01:55:39.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-11-23T11:55:04.710",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1752.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1753.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/55765"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1752.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1753.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/55765"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-09-10 19:55
Modified
2024-11-21 01:55
Severity ?
Summary
ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | 389_directory_server | * | |
| fedoraproject | 389_directory_server | 1.3.0.2 | |
| fedoraproject | 389_directory_server | 1.3.0.3 | |
| fedoraproject | 389_directory_server | 1.3.0.4 | |
| fedoraproject | 389_directory_server | 1.3.0.5 | |
| fedoraproject | 389_directory_server | 1.3.0.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F28EC078-9475-4B71-A93A-CF49C4ABC084",
"versionEndIncluding": "1.3.0.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7C7B3AF4-72F4-4242-84A5-1C5096BB42B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "22BA10F4-510E-4D25-9DA6-BC475EEA5F12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3766F68E-448D-4298-B0CE-1A37497984DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "70105BE3-6F4F-41FB-9CAB-8990A4FAC475",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "028A3ADC-1C62-4233-8FE6-C54B65C6855D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request."
},
{
"lang": "es",
"value": "ns-slapd en 389 Directory Server anterior a v1.3.0.8 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del servidor) a trav\u00e9s de un Distinguished Name (DN) manipulado en una operaci\u00f3n de petici\u00f3n MOD."
}
],
"id": "CVE-2013-4283",
"lastModified": "2024-11-21T01:55:16.473",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-09-10T19:55:11.320",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://directory.fedoraproject.org/wiki/Releases/1.3.0.8"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1182.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54586"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54650"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=999634"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://directory.fedoraproject.org/wiki/Releases/1.3.0.8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1182.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54586"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54650"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=999634"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-19 15:29
Modified
2024-11-21 02:26
Severity ?
Summary
389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | 389_directory_server | * | |
| fedoraproject | fedora | 22 | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A88381E5-A766-4B31-A978-EE8EEDED48C5",
"versionEndIncluding": "1.3.3.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call."
},
{
"lang": "es",
"value": "389 Directory Server en versiones anteriores a la 1.3.3.10 permite que los atacantes omitan las restricciones de acceso previstas y modifiquen las entradas del directorio mediante una llamada ldapmodrdn manipulada."
}
],
"id": "CVE-2015-1854",
"lastModified": "2024-11-21T02:26:16.503",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-19T15:29:00.570",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157069.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74392"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2015:0895"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1209573"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157069.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74392"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2015:0895"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1209573"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-06 14:29
Modified
2024-11-21 03:49
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE50541-52B6-4275-B768-BDBF311C9A0F",
"versionEndIncluding": "1.3.7.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2639E1C4-9C79-41EF-9F9D-368669F7FCE5",
"versionEndIncluding": "1.3.8.8",
"versionStartIncluding": "1.3.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8A5D1BB-6CBB-4417-AB4A-4C694D1C5942",
"versionEndIncluding": "1.4.0.16",
"versionStartIncluding": "1.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash."
},
{
"lang": "es",
"value": "Se ha descubierto una vulnerabilidad en 389-ds-base hasta las versiones 1.3.7.10, 1.3.8.8 y 1.4.0.16. El bloqueo que controla el registro de errores no se empleaba correctamente al reabrir el archivo de registro en log__error_emergency(). Un atacante podr\u00eda enviar una inundaci\u00f3n de modificaciones a un DN muy largo, lo que provocar\u00eda que slapd se cerrase inesperadamente."
}
],
"id": "CVE-2018-14624",
"lastModified": "2024-11-21T03:49:26.893",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-06T14:29:00.447",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2757"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14624"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00037.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://pagure.io/389-ds-base/issue/49937"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00037.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://pagure.io/389-ds-base/issue/49937"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-18 17:02
Modified
2024-11-21 02:01
Severity ?
Summary
The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | 389_directory_server | * | |
| fedoraproject | 389_directory_server | 1.2.11.1 | |
| fedoraproject | 389_directory_server | 1.2.11.5 | |
| fedoraproject | 389_directory_server | 1.2.11.6 | |
| fedoraproject | 389_directory_server | 1.2.11.8 | |
| fedoraproject | 389_directory_server | 1.2.11.9 | |
| fedoraproject | 389_directory_server | 1.2.11.10 | |
| fedoraproject | 389_directory_server | 1.2.11.11 | |
| fedoraproject | 389_directory_server | 1.2.11.12 | |
| fedoraproject | 389_directory_server | 1.2.11.13 | |
| fedoraproject | 389_directory_server | 1.2.11.14 | |
| fedoraproject | 389_directory_server | 1.2.11.15 | |
| fedoraproject | 389_directory_server | 1.2.11.17 | |
| fedoraproject | 389_directory_server | 1.2.11.19 | |
| fedoraproject | 389_directory_server | 1.2.11.20 | |
| fedoraproject | 389_directory_server | 1.2.11.21 | |
| fedoraproject | 389_directory_server | 1.2.11.22 | |
| fedoraproject | 389_directory_server | 1.2.11.23 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42CCF633-027C-40D6-8982-C149D557FD78",
"versionEndIncluding": "1.2.11.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CCBE4443-C736-4263-BC89-5A8F2ADD81E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8D64150B-1D48-4966-873C-029747495BB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "80F7CCAD-04B1-4BE1-BE61-791C5CA3984E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.8:*:*:*:*:*:*:*",
"matchCriteriaId": "11943F1C-BD6D-4339-A381-5E4A33120383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.9:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAA555B-4F2B-408D-9A4C-1740AFC228DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "60E619C3-7E6D-4235-ACE5-67524CD38AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8ED48D0E-1C9A-4FB8-B54E-F1B121D68045",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9A7DFDE6-7C1F-4AB2-8719-50B44D25620F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F102D5BD-8B5F-47BF-A94C-923F0BEE943E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.14:*:*:*:*:*:*:*",
"matchCriteriaId": "912A37B4-1E3B-40AB-8B63-720F84365843",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.15:*:*:*:*:*:*:*",
"matchCriteriaId": "16C83007-E3C8-40D0-ADAE-E7EE87CCA464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.17:*:*:*:*:*:*:*",
"matchCriteriaId": "608BF64E-4204-4610-B23C-BC206E870F79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.19:*:*:*:*:*:*:*",
"matchCriteriaId": "10315DCC-28D6-400C-92C1-C0AD5E3DDF53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE13693-1A6B-4A2A-AF64-F76FA0A3EBA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.21:*:*:*:*:*:*:*",
"matchCriteriaId": "83A5B6F2-DCD1-49D4-92FC-303A960542C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.22:*:*:*:*:*:*:*",
"matchCriteriaId": "304EAF1A-3163-4184-B3FC-0B641BA1FC03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.23:*:*:*:*:*:*:*",
"matchCriteriaId": "49F8893E-7087-4874-9D39-6238317CB6B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind."
},
{
"lang": "es",
"value": "La funcionalidad de autenticaci\u00f3n SASL en 389 Directory Server anterior a 1.2.11.26 permite a usuarios remotos autenticados conectar como un usuario arbitrario y ganar privilegios a trav\u00e9s del par\u00e1metro authzid en un SASL/GSSAPI bind."
}
],
"id": "CVE-2014-0132",
"lastModified": "2024-11-21T02:01:26.867",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-18T17:02:53.420",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0292.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/57412"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/57427"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "https://fedorahosted.org/389/changeset/76acff12a86110d4165f94e2cba13ef5c7ebc38a/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://fedorahosted.org/389/ticket/47739"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0292.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/57412"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/57427"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://fedorahosted.org/389/changeset/76acff12a86110d4165f94e2cba13ef5c7ebc38a/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://fedorahosted.org/389/ticket/47739"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-29 20:59
Modified
2024-11-21 02:28
Severity ?
Summary
389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | 389_directory_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D55DA2AE-B217-41DF-A14F-8282D1B3808D",
"versionEndIncluding": "1.3.3.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher."
},
{
"lang": "es",
"value": "389 Directory Server (anteriormente Fedora Directory Server) en versiones anteriores a 1.3.3.12 no hace cumplir la preferencia nsSSL3Ciphers cuando crean un sslSocket, lo que permite a atacantes remotos tener un impacto no especificado mediante la petici\u00f3n de utilizar un cifrado deshabilitado."
}
],
"id": "CVE-2015-3230",
"lastModified": "2024-11-21T02:28:57.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-29T20:59:00.087",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-12.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168985.html"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1230996"
},
{
"source": "secalert@redhat.com",
"url": "https://fedorahosted.org/389/ticket/48194"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-12.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168985.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1230996"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://fedorahosted.org/389/ticket/48194"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-254"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-07-03 16:40
Modified
2024-11-21 01:39
Severity ?
Summary
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5481052-D318-4F67-9567-79157BC716D0",
"versionEndIncluding": "8.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:directory_server:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ABADB3F7-AD65-4E62-BEA5-782539911B6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:directory_server:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E190C97-A279-4EEE-B9C4-1EA888920F80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:directory_server:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D75336B-F1E7-4369-B11D-1B132CA45424",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C3A4C9B-3A48-4B84-9B54-7972E9F21566",
"versionEndIncluding": "1.2.11.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE2E9C8D-FFEE-424C-BBA6-42BD4309D18A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F2E9CEF-F30D-4374-A7E2-052102B602A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "16A8729B-B00B-4871-B083-6B10A5034721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6335FA65-9498-40AF-AE2B-034DA2823821",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8CF92ADB-B5B0-43D7-93D8-CBA3AE46EB8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc2:*:*:*:*:*:*",
"matchCriteriaId": "17F8ED59-E27A-4B9B-8BB8-66FAB2B2DCFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc3:*:*:*:*:*:*",
"matchCriteriaId": "4200CEAB-4E14-48C8-9D6F-F86796475019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc4:*:*:*:*:*:*",
"matchCriteriaId": "3179916B-F98C-4D10-82AB-59DCCACBE8DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B44B5289-08BB-4D62-B60D-1BD738472B1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a2:*:*:*:*:*:*",
"matchCriteriaId": "02392BBF-AFAB-4739-BAF6-E930692AB28F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a3:*:*:*:*:*:*",
"matchCriteriaId": "BFF70436-E01E-4912-AC31-B600F5E8CB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a4:*:*:*:*:*:*",
"matchCriteriaId": "360BA51B-B47E-4537-B564-9E628DF4E6EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "987F04BC-75DC-4959-AE32-070F11F9EBC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "078BCE55-90BB-48DE-92D1-9A152338158C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc3:*:*:*:*:*:*",
"matchCriteriaId": "595F5AEE-E4A9-40E0-AF03-69AF689C4916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc6:*:*:*:*:*:*",
"matchCriteriaId": "FED47519-F254-4545-8551-FFBD0B4F9FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc7:*:*:*:*:*:*",
"matchCriteriaId": "A06C0421-74B7-4F9D-9F3A-18BF62BDD4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83F772DF-B8A7-4577-9AC6-3234B8C7FFAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.7:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "60624BFB-BB50-47F9-BB6D-BC92B40988BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "17C879AE-7435-43F5-94E5-A7ED84E46D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "5809DC7B-AC50-4E03-A8FA-6C2C6B67A400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "04FED7B7-7D97-4020-9D5C-A7150B43838C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "6CA6BAB0-4638-4341-8835-E24E58855C37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3C87A154-D750-4A93-B958-478CB17783F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:rc2:*:*:*:*:*:*",
"matchCriteriaId": "762AF16D-D7C3-4444-B8E5-88626D7DCE6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2FF2BE2A-E90A-4336-864A-A76D9B1F0793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7EE57DD6-A59C-4073-8DBB-E8D667E9A206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F65E0F9-731B-48E4-AF46-C8CAAE00820D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B8AD8024-EF26-46B3-80E1-25661A5C538A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.10:alpha8:*:*:*:*:*:*",
"matchCriteriaId": "A3DD52CC-C56A-4F62-BE61-BF826104B127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D820510A-C85F-4F5D-895E-884DB70A409F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E6CA2089-F7DF-418B-BFAC-AACA7784EB03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5D661F57-BECB-4880-A14F-F9DB3C6659C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1B6E8AC0-9017-4C68-BEA8-AC89642C74A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9BFCE99E-C862-4A32-BFB1-799F835045AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "49A97D83-D0D8-4596-BEA0-825B13B60ADB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CCBE4443-C736-4263-BC89-5A8F2ADD81E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute."
},
{
"lang": "es",
"value": "\"389 Directory Server\" antes de v1.2.11.6 (tambi\u00e9n conocido como Red Hat Directory Server antes de v8.2.10-3), cuando la contrase\u00f1a de un usuario de LDAP ha cambiado y anyes de que el servidor haya sido reiniciado, permite a atacantes remotos leer contrase\u00f1as en claro a trav\u00e9s del atributo unhashed#user#password."
}
],
"id": "CVE-2012-2678",
"lastModified": "2024-11-21T01:39:25.777",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.2,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-07-03T16:40:33.583",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://directory.fedoraproject.org/wiki/Release_Notes"
},
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/83336"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0997.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1041.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49734"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/54153"
},
{
"source": "secalert@redhat.com",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083"
},
{
"source": "secalert@redhat.com",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19353"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://directory.fedoraproject.org/wiki/Release_Notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/83336"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0997.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1041.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/54153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19353"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-24 15:29
Modified
2024-11-21 03:14
Severity ?
Summary
It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | 389_directory_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9917C1A6-93B5-415D-B8F2-0131B9345A09",
"versionEndIncluding": "1.4.0.3",
"versionStartIncluding": "1.3.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances."
},
{
"lang": "es",
"value": "Se ha descubierto que 389-ds-base, desde la versi\u00f3n 1.3.6.1 y hasta e incluyendo la versi\u00f3n 1.4.0.3, no manipulaba siempre las operaciones de comparaci\u00f3n de hash internas de manera correcta durante el proceso de autenticaci\u00f3n. Un atacante remoto no autenticado podr\u00eda emplear este error para omitir el proceso de autenticaci\u00f3n bajo circunstancias muy excepcionales."
}
],
"id": "CVE-2017-15135",
"lastModified": "2024-11-21T03:14:08.477",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-24T15:29:01.167",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102811"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2018:0414"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2018:0515"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525628"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102811"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2018:0414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2018:0515"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525628"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-25 16:15
Modified
2024-11-21 04:18
Severity ?
Summary
A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10224 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html | ||
| secalert@redhat.com | https://pagure.io/389-ds-base/issue/50251 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10224 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://pagure.io/389-ds-base/issue/50251 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | 389_directory_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74563673-2E02-4592-BBB8-0ACC8D0C107F",
"versionEndExcluding": "1.4.1.3",
"versionStartIncluding": "1.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information."
},
{
"lang": "es",
"value": "Se ha encontrado un fallo en 389-ds-base versiones 1.4.x.x anteriores a 1.4.1.3. Cuando se ejecuta en modo verbose, los comandos dscreate y dsconf pueden mostrar informaci\u00f3n confidencial, tales como la contrase\u00f1a de Directory Manager. Un atacante, capaz de visualizar la pantalla o grabar la salida de error est\u00e1ndar del terminal, podr\u00eda utilizar este fallo para conseguir informaci\u00f3n confidencial."
}
],
"id": "CVE-2019-10224",
"lastModified": "2024-11-21T04:18:41.753",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.7,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-25T16:15:13.440",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10224"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://pagure.io/389-ds-base/issue/50251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10224"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://pagure.io/389-ds-base/issue/50251"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-04-19 21:59
Modified
2024-11-21 02:42
Severity ?
Summary
slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_hpc_node | 7.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_workstation | 7.0 | |
| fedoraproject | 389_directory_server | 1.3.4.0 | |
| fedoraproject | 389_directory_server | 1.3.4.1 | |
| fedoraproject | 389_directory_server | 1.3.4.4 | |
| fedoraproject | 389_directory_server | 1.3.4.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C84489B-B08C-4854-8A12-D01B6E45CF79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA30F3F3-3384-4E46-B51F-FCAF43728779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2AC25FDF-B453-471A-84B7-AFA08B6039CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C78CE214-54CB-4ECC-B45D-CFABF249E1E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6CCA8C87-70FF-488E-9A3F-26D77323AB75",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection."
},
{
"lang": "es",
"value": "slapd/connection.c en 389 Directory Server (anteriormente Fedora Directory Server) 1.3.4.x en versiones anteriores a 1.3.4.7 permite a atacantes remotos causar una denegaci\u00f3n de servicio (bucle infinito y bloqueo de conexion) aprovech\u00e1ndose de una conexi\u00f3n cerrada de manera an\u00f3mala."
}
],
"id": "CVE-2016-0741",
"lastModified": "2024-11-21T02:42:17.493",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-19T21:59:06.973",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-4-7.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0204.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/82343"
},
{
"source": "secalert@redhat.com",
"url": "https://fedorahosted.org/389/changeset/cd45d032421b0ecf76d8cbb9b1c3aeef7680d9a2/"
},
{
"source": "secalert@redhat.com",
"url": "https://fedorahosted.org/389/ticket/48412"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-4-7.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0204.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/82343"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://fedorahosted.org/389/changeset/cd45d032421b0ecf76d8cbb9b1c3aeef7680d9a2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://fedorahosted.org/389/ticket/48412"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-03-10 14:59
Modified
2024-11-21 02:18
Severity ?
Summary
389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by reading the Changelog.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3BD1442-A488-40AF-B012-02C494F890EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC09ED4F-BD6F-4E4F-A3E9-3CB1F786C28F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6E9579-5C2A-4DDB-BC89-9C2F9D3E57A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "636CF78E-C1D5-4E19-8447-243938482B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "208B3899-8FCD-4BDC-A1B7-DB5EBCBD24DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3FD54252-424A-4E03-BA8C-F68DF1B69387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4BFFBA09-8B02-4AF2-96F8-61051B9AE5BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "81016A2A-EC20-43AF-A8D7-0F00CB86AA3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "97AA7912-CEB0-4D97-A969-6C96F2277A4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D6423AE4-A4D1-4D5F-BE68-1314C729A699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "33E52074-5F34-4AC4-8AA2-75DD5788E02E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0512AB8C-B987-43E6-A88D-B2FA32107C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "915D2B3E-011D-4EB4-B681-F3D4D750B81B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "4CADECEB-330D-4E1B-A55D-77EAA3C4E618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E42DAE37-0208-4933-8AA1-4E020E2098ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "7B23F21B-AD72-46E5-913F-94041DEF797D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "F99672B7-7C21-46DD-AD56-1AF181BB667A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "85CB17B0-5EA1-4D48-998C-63398E125746",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "0B081EEB-FA22-4AF1-8C17-A1093093B936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "E170B73A-80F5-4E26-AD41-12FABD79439E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "EB3C4A80-1F0F-4286-B48F-4964AAF618AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF5D990-E925-4662-A119-09A1B4679A8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E42EE75-317F-46AE-9A91-1868F6EA2B9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9803DD63-02DA-42DB-B06D-93C3CA1C2DA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F0F794D2-B5BB-4CC0-B4DC-AE40C66629D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "20ABC05B-4D65-41E6-BB53-848CE39616D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B4D999F0-9541-44AA-A6AC-0AA157C8363B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4FEB623B-9405-4DE2-9C68-446445AA8283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "45B6E0D3-D9C7-46E6-B7AD-FBB69CF16B65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7438F4E9-31E2-4719-81BB-046C0A51F63A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "423936CB-530E-469E-B94F-253262B53B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "FFC5ED2C-6A0D-4848-8F68-3F4519C78EC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "517C24AC-436E-456F-A425-2CF8EE079F92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "4D1CC183-135E-4546-A28C-67AA775CECD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.22:*:*:*:*:*:*:*",
"matchCriteriaId": "041A4EB5-8F0F-4CDF-BAEC-405539BE6901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.23:*:*:*:*:*:*:*",
"matchCriteriaId": "90850EA2-9F98-44D5-BE29-217978286AE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.24:*:*:*:*:*:*:*",
"matchCriteriaId": "F841EEC9-3EB4-46F0-9092-10813C8874A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.26:*:*:*:*:*:*:*",
"matchCriteriaId": "9CA8E677-71A6-499C-9CD7-9C90744DC811",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "80EE57EB-D603-40A5-84F5-BEA703D8A0EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D6E18AB1-FE95-49F2-A354-F24C4569634C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "77D4A1FC-53B7-493F-9D9C-B1DA6231A3E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B1AE563B-59ED-40F4-B2FF-CDE6EFA5087B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "220041CC-C46F-4D0E-B231-0645621A7E66",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores \"unhashed\" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by reading the Changelog."
},
{
"lang": "es",
"value": "389 Directory Server 1.3.1.x, 1.3.2.x anterior a 1.3.2.27, y 1.3.3.x anterior a 1.3.3.9 almacena contrase\u00f1as sin estar en hash incluso cuando la opci\u00f3n nsslapd-unhashed-pw-switch est\u00e1 configurado como apagado (off), lo que permite a usuarios remotosw autenticados obtener informaci\u00f3n sensible mediante la lectura del registro de cambios (Changelog)."
}
],
"id": "CVE-2014-8112",
"lastModified": "2024-11-21T02:18:34.970",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-03-10T14:59:01.600",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html"
},
{
"source": "secalert@redhat.com",
"url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-9.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153991.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0416.html"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1172729"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-9.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153991.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0416.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1172729"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-16 18:29
Modified
2024-11-21 03:32
Severity ?
Summary
389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2017:2569 | ||
| secalert@redhat.com | https://pagure.io/389-ds-base/issue/49336 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2569 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://pagure.io/389-ds-base/issue/49336 | Exploit, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | 389_directory_server | 1.3.5.19 | |
| fedoraproject | 389_directory_server | 1.3.6.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.5.19:*:*:*:*:*:*:*",
"matchCriteriaId": "C56A41C4-3612-431A-9D31-49EAAF080FCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.3.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F0A7D3E1-5DFE-4D54-82BF-D0DDC550089C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts."
},
{
"lang": "es",
"value": "389-ds-base en su versi\u00f3n anterior a 1.3.5.19 y 1.3.6.7 es vulnerable a ataques de fuerza bruta de contrase\u00f1as durante un bloqueo de cuenta debido a los diferentes c\u00f3digos de retorno que se devuelven durante los intentos de contrase\u00f1a."
}
],
"id": "CVE-2017-7551",
"lastModified": "2024-11-21T03:32:08.957",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-16T18:29:00.317",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2017:2569"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://pagure.io/389-ds-base/issue/49336"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:2569"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://pagure.io/389-ds-base/issue/49336"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-640"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-28 13:29
Modified
2024-11-21 03:49
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:3127 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:3507 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14648 | Third Party Advisory | |
| secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2018/10/msg00015.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:3127 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:3507 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14648 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2018/10/msg00015.html | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | 389_directory_server | * | |
| debian | debian_linux | 8.0 | |
| redhat | enterprise_linux | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FB60B4F-71BF-4C47-B8DA-CCBC567AB377",
"versionEndExcluding": "1.4.0.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en 389 Directory Server. Una cadena de consulta especialmente manipulada podr\u00eda conducir a un consumo de CPU excesivo en la funci\u00f3n do_search(). Un atacante no autenticado podr\u00eda explotar este error para provocar una denegaci\u00f3n de servicio (DoS)."
}
],
"id": "CVE-2018-14648",
"lastModified": "2024-11-21T03:49:30.240",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-28T13:29:00.283",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3127"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3507"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14648"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3127"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3507"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00015.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}