Authentication Vulnerability in 389 Directory Server by Red Hat
CVE-2014-0132

Currently unrated

Key Information:

CVE Published: 18 March 2014

Summary

The SASL authentication mechanism in 389 Directory Server prior to version 1.2.11.26 contains a flaw that allows authenticated remote users to connect as any user. The flaw is reachable by manipulating the authzid (authorization identity) parameter during a SASL/GSSAPI bind, which can let an attacker escalate privileges and access sensitive data or system functions beyond their intended permissions.
