Vulnerability in Fedoraproject 389_directory_server

CVE-2013-1897

The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to root…

EPSS: 0.006 (68.8th percentile) — read the EPSS interpretation.

Affected products

Fedoraproject 389_directory_server — versions 1.2.1, 1.2.2, 1.2.3
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

FEDORA-2013-4578 (x_refsource_FEDORA, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
RHSA-2013:0742 (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)