[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96125

 
 

909

 
 

78020

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2013-1897

Date: (C)2013-05-14   (M)2016-05-19
 
CVSS Score: 2.6Access Vector: NETWORK
Exploitability Subscore: 4.9Access Complexity: HIGH
Impact Subscore: 2.9Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: NONE
 Availability: NONE











The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE search scope is used, which allows remote attackers to obtain sensitive information outside of the rootDSE via a crafted LDAP search.

Reference:
FEDORA-2013-4578
RHSA-2013:0742
https://bugzilla.redhat.com/show_bug.cgi?id=928105
https://fedorahosted.org/389/ticket/47308
https://fedorahosted.org/freeipa/ticket/3540
https://git.fedorahosted.org/cgit/389/ds.git/commit/?h=389-ds-base-1.2.11&id=5a18c828533a670e7143327893f8171a19062286

CPE    52
cpe:/a:fedoraproject:389_directory_server:1.3.0.4
cpe:/a:fedoraproject:389_directory_server:1.3.0.2
cpe:/a:fedoraproject:389_directory_server:1.3.0.3
cpe:/a:fedoraproject:389_directory_server:1.2.10
...
CWE    1
CWE-264
OVAL    7
oval:org.secpod.oval:def:105139
oval:org.secpod.oval:def:104796
oval:org.secpod.oval:def:501040
oval:org.secpod.oval:def:1600236
...

© 2013 SecPod Technologies