PT-2012-5407 · Red Hat+1 · 389 Directory Server+2

Noriko Hosoi · Published 2012-10-01 · Updated 2013-03-09 · CVE-2012-4450

CVSS v2.0: 6.0 (Medium)

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

389 Directory Server version 1.2.10

Description

The issue arises from the improper update of the Access Control List (ACL) when a Distinguished Name (DN) entry is moved by a modrdn operation. This allows remote authenticated users with specific permissions to bypass ACL restrictions and access the DN entry.

Recommendations

For 389 Directory Server version 1.2.10, consider restricting access to the modrdn operation until a proper fix is applied to ensure the ACL is correctly updated when a DN entry is moved.

Fix

Weakness Enumeration

Related identifiers

CESA-2013_0503
CVE-2012-4450
RHSA-2013:0503
RHSA-2013_0503

Affected products

389 Directory Server
CentOS
Red Hat