[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2013-1897Date: (C)2013-05-14   (M)2023-12-22


The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE search scope is used, which allows remote attackers to obtain sensitive information outside of the rootDSE via a crafted LDAP search.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 2.6
Exploit Score: 4.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
FEDORA-2013-4578
RHSA-2013:0742
https://bugzilla.redhat.com/show_bug.cgi?id=928105
https://fedorahosted.org/389/ticket/47308
https://fedorahosted.org/freeipa/ticket/3540
https://git.fedorahosted.org/cgit/389/ds.git/commit/?h=389-ds-base-1.2.11&id=5a18c828533a670e7143327893f8171a19062286

CPE    52
cpe:/a:fedoraproject:389_directory_server:1.2.8.3
cpe:/a:fedoraproject:389_directory_server:1.2.6:a4
cpe:/a:fedoraproject:389_directory_server:1.2.8.1
cpe:/a:fedoraproject:389_directory_server:1.2.6:a3
...
CWE    1
CWE-264
OVAL    7
oval:org.secpod.oval:def:104796
oval:org.secpod.oval:def:1600236
oval:org.secpod.oval:def:1500148
oval:org.secpod.oval:def:202665
...

© SecPod Technologies