CVE-2013-1897

Name of the Vulnerable Software and Affected Versions 389 Directory Server versions 1.2.x through 1.2.11.19 389 Directory Server versions 1.3.x through 1.3.0.4

Description The issue allows remote attackers to obtain sensitive information outside of the rootDSE via a crafted LDAP search, due to the do search function not properly restricting access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE search scope is used.

Recommendations For 389 Directory Server versions 1.2.x through 1.2.11.19, update to version 1.2.11.20 or later. For 389 Directory Server versions 1.3.x through 1.3.0.4, update to version 1.3.0.5 or later.