PT-2012-2894 · Red Hat +1 · 389 Directory Server +2

Rich Megginson +1
Published: 2012-06-19 · Updated: 2012-07-17
CVE-2012-0833
CVSS v2.0: 2.3 (Low) · Vector: AV:A/AC:M/Au:S/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions: 389 Directory Server versions prior to 1.2.10

Description: The issue arises from the improper handling of access control instructions (ACIs) that use certificate groups by the acllas__handle_group_entry function in servers/plugins/acl/acllas.c. This allows remote authenticated LDAP users who belong to a certificate group to cause a denial of service (an infinite loop with excessive CPU consumption) by binding to the server.

Recommendations: For versions prior to 1.2.10, update to version 1.2.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the acllas__handle_group_entry function in the servers/plugins/acl/acllas.c file until the patch is applied.

Exploit · Fix · DoS


Weakness Enumeration

Related Identifiers

CESA-2012_0813
CVE-2012-0833
RHSA-2012:0813
RHSA-2012_0813
RHSA-2013:0549

Affected Products

389 Directory Server
Centos
Red Hat