Access Control Vulnerability in 389 Directory Server by Red Hat
CVE-2013-1897

Currently unrated

Key Information:

CVE Published: 13 May 2013

Summary

The do_search function in 389 Directory Server does not sufficiently restrict access when the nsslapd-allow-anonymous-access setting is configured to grant access to the rootDSE. A remote attacker can exploit this with a crafted LDAP search that uses the BASE search scope, potentially exposing sensitive information that should have remained protected.
