PT-2013-3455 · Red Hat+1 · 389 Directory Server+2

Mkosek

Published

2013-04-15

Updated

2013-05-14

CVE-2013-1897

CVSS v2.0

2.6

Low

Vector

AV:N/AC:H/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions 389 Directory Server versions 1.2.x through 1.2.11.19 389 Directory Server versions 1.3.x through 1.3.0.4

Description The issue allows remote attackers to obtain sensitive information outside of the rootDSE via a crafted LDAP search, due to the do search function not properly restricting access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE search scope is used.

Recommendations For 389 Directory Server versions 1.2.x through 1.2.11.19, update to version 1.2.11.20 or later. For 389 Directory Server versions 1.3.x through 1.3.0.4, update to version 1.3.0.5 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CESA-2013_0742

CVE-2013-1897

RHSA-2013:0742

RHSA-2013_0742

Affected Products

389 Directory Server

Centos

Red Hat

PT-2013-3455 · Red Hat+1 · 389 Directory Server+2

CVE-2013-1897

Weakness Enumeration

Related Identifiers

Affected Products

References · 23