Vulnerability in Fedoraproject 389_directory_server

CVE-2011-0532

The (1) backup and restore scripts, (2) main initialization script, and (3) ldap-agent script in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x) place a zero-length directory name in the LD_LIBRARY_PATH, which allows local…

EPSS: 0.000 (15.0th percentile) — read the EPSS interpretation.

Affected products

Fedoraproject 389_directory_server — versions 1.2.1, 1.2.2, 1.2.3
Redhat Directory_server — versions 8.2, 8.2.3
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

1025102 (vdb-entry, x_refsource_SECTRACK)
secalert@redhat.com (x_refsource_CONFIRM)
RHSA-2011:0293 (x_refsource_REDHAT, vendor-advisory)
rhds-ldlibrarypath-priv-esc(65637) (vdb-entry, x_refsource_XF)
46489 (vdb-entry, x_refsource_BID)