PT-2012-5407 · Red Hat+1 · 389 Directory Server+2

Noriko Hosoi · Published 2012-10-01 · Updated 2013-03-09 · CVE-2012-4450

CVSS v2.0: 6.0 (Medium)
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

389 Directory Server version 1.2.10

Description

The issue arises from the improper update of the Access Control List (ACL) when a Distinguished Name (DN) entry is moved by a modrdn operation. This allows remote authenticated users with specific permissions to bypass ACL restrictions and access the DN entry.

Recommendations

For 389 Directory Server version 1.2.10, consider restricting access to the modrdn operation until a proper fix is applied to ensure the ACL is correctly updated when a DN entry is moved.

Fix

Weakness Enumeration

Related Identifiers

CESA-2013_0503
CVE-2012-4450
RHSA-2013:0503
RHSA-2013_0503

Affected Products

389 Directory Server
CentOS
Red Hat