Access Control Bypass in 389 Directory Server Affects Red Hat
CVE-2012-4450

Currently unrated

Key Information:

CVE Published: 1 October 2012

Summary

389 Directory Server 1.2.10 does not properly update the Access Control List (ACL) when a 'modrdn' operation moves a Distinguished Name (DN) entry. This flaw enables remote authenticated users who have specific permissions to circumvent ACL restrictions, potentially granting them unauthorized access to sensitive DN entries. Organizations using this version should take immediate steps to mitigate this risk.
