Access Control Issues in 389 Directory Server by Red Hat
CVE-2012-0833

Currently unrated

Key Information:

Vendor
CVE Published:
3 July 2012

Summary

The acllas__handle_group_entry function in 389 Directory Server before version 1.2.10 improperly handles access control instructions (ACIs) associated with certificate groups. A remote authenticated LDAP user who has a certificate group can trigger an infinite loop and high CPU consumption while binding to the server, resulting in a denial of service.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
