Vulnerability in Fedoraproject 389_directory_server
CVE-2012-4450
389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry.
EPSS: 0.004 (59.7th percentile) — read the EPSS interpretation.
Affected products
- Fedoraproject 389_directory_server — versions 1.2.10
- N/a — versions n/a
Weakness classification (CWE)
References
- secalert@redhat.com (x_refsource_MISC)
- secalert@redhat.com (x_refsource_CONFIRM)
- secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
- 50713 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- RHSA-2013:0503 (x_refsource_REDHAT, vendor-advisory)
- [oss-security] 20120926 CVE Request -- 389-ds-base: Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in ACL (ACL rules bypass possible) (mailing-list, x_refsource_MLIST)
- [oss-security] 20120926 Re: CVE Request -- 389-ds-base: Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in ACL (ACL rules bypass possible) (mailing-list, x_refsource_MLIST)
- 55690 (vdb-entry, x_refsource_BID)