PT-2014-1864 · Red Hat+1 · 389-Ds-Base+2

Rv3 · Published 2014-03-13 · Updated 2023-02-13 · CVE-2014-0132

CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: 389-ds-base versions 1.2.11.15 through 1.2.11.25

Description: The issue allows a remote authenticated user to bind as an arbitrary user, and so gain that user's privileges, via the authzid parameter of a SASL/GSSAPI bind. This can lead to a violation of the confidentiality, integrity, and availability of protected information. Exploitation can be carried out remotely by an attacker who has already passed the authentication procedure.

Recommendations: For versions 1.2.11.15 through 1.2.11.25, update to version 1.2.11.26 or later to resolve the issue. As a temporary workaround, consider restricting access to the SASL/GSSAPI bind functionality until the patch can be applied, and avoid relying on the authzid parameter in the affected bind operation until the issue is resolved.

Weakness Enumeration

Improper Authentication

Related Identifiers

BDU:2015-07164
BDU:2015-07165
BDU:2015-07166
BDU:2015-07167
BDU:2015-09092
BDU:2015-09093
BDU:2015-09094
BDU:2015-09095
CESA-2014_0292
CVE-2014-0132
MGASA-2014-0145
RHSA-2014:0292
RHSA-2014_0292

Affected Products

389-Ds-Base
Centos
Red Hat