CVSS: 7.5EPSS: 0%CPEs: 52EXPL: 0CVE-2013-1897 – 389-ds: unintended information exposure when rootdse is enabled
https://notcve.org/view.php?id=CVE-2013-1897
13 May 2013 — The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE search scope is used, which allows remote attackers to obtain sensitive information outside of the rootDSE via a crafted LDAP search. La función do_search function en ldap/servers/slapd/search.c en 389 Directory Server 1.2.x anteior a 1.2.11.20 y 1.3.x ant... • http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101323.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 0CVE-2013-0312 – 389-ds: unauthenticated denial of service vulnerability in handling of LDAPv3 control data
https://notcve.org/view.php?id=CVE-2013-0312
13 Mar 2013 — 389 Directory Server before 1.3.0.4 allows remote attackers to cause a denial of service (crash) via a zero length LDAP control sequence. 389 Directory Server anterior a v1.3.0.4 permite a atacantes remotos provocar una denegación de servicio (caída) a través de una secuencia de control de longitud cero LDAP. • http://directory.fedoraproject.org/wiki/Releases/1.3.0.4 • CWE-189: Numeric Errors •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2012-4450 – 389-ds-base: Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in ACL (ACL rules bypass possible)
https://notcve.org/view.php?id=CVE-2012-4450
01 Oct 2012 — 389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry. 389 Directory Server v1.2.10 no actualiza correctamente las ACL cuando una entrada DN es movida por una operación modrdn, lo que permite a usuarios autenticados con ciertos permisos, evitar restricciones ACL y de acceso a entrada DN. • http://git.fedorahosted.org/cgit/389/ds.git/commit/?id=5beb93d42efb807838c09c5fab898876876f8d09 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 31EXPL: 1CVE-2012-0833 – 389: denial of service when using certificate groups
https://notcve.org/view.php?id=CVE-2012-0833
03 Jul 2012 — The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handled access control instructions (ACIs) that use certificate groups, which allows remote authenticated LDAP users with a certificate group to cause a denial of service (infinite loop and CPU consumption) by binding to the server. La funcion acllas__handle_group_entry en servers/plugins/acl/acllas.c en 389 Directory Server anterior a v1.2.10 no maneja adecuadamente las instruccio... • http://rhn.redhat.com/errata/RHSA-2012-0813.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 42EXPL: 0CVE-2012-2746 – rhds/389: plaintext password disclosure in audit log
https://notcve.org/view.php?id=CVE-2012-2746
03 Jul 2012 — 389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password. "389 Directory Server" antes de v1.2.11.6 (también conocido como Red Hat Directory Server antes de v8.2.10-3), cuando la contraseña de un usuario de LDAP ha cambiado y el registro de auditoría está habilitada, guarda la nueva contraseña... • http://directory.fedoraproject.org/wiki/Release_Notes • CWE-310: Cryptographic Issues •
CVSS: 8.8EPSS: 0%CPEs: 42EXPL: 0CVE-2012-2678 – rhds/389: plaintext password disclosure flaw
https://notcve.org/view.php?id=CVE-2012-2678
03 Jul 2012 — 389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute. "389 Directory Server" antes de v1.2.11.6 (también conocido como Red Hat Directory Server antes de v8.2.10-3), cuando la contraseña de un usuario de LDAP ha cambiado y anyes de que el servidor haya sido reiniciado, permite a atacantes remot... • http://directory.fedoraproject.org/wiki/Release_Notes • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0CVE-2010-4746
https://notcve.org/view.php?id=CVE-2010-4746
23 Feb 2011 — Multiple memory leaks in the normalization functionality in 389 Directory Server before 1.2.7.5 allow remote attackers to cause a denial of service (memory consumption) via "badly behaved applications," related to (1) Slapi_Attr mishandling in the DN normalization code and (2) pointer mishandling in the syntax normalization code, a different issue than CVE-2011-0019. múltiples pérdidas de memoria en la funcionalidad de la normalización en 389 Directory Server anteriores a v1.2.7.5 permite a atacantes remoto... • http://directory.fedoraproject.org/wiki/Release_Notes • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 21EXPL: 0CVE-2011-1067
https://notcve.org/view.php?id=CVE-2011-1067
23 Feb 2011 — slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not properly manage the c_timelimit field of the connection table element, which allows remote attackers to cause a denial of service (daemon outage) via Simple Paged Results connections, as demonstrated by using multiple processes to replay TCP sessions, a different vulnerability than CVE-2011-0019. slapd (también conocido como ns-slapd) en 389 Directory Server anterior a v1.2.8.a2, no maneja adecuadamente el campo c_timelimit del elemento d... • http://directory.fedoraproject.org/wiki/Release_Notes • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2011-0019 – Server: crash with multiple simple paged result searches
https://notcve.org/view.php?id=CVE-2011-0019
23 Feb 2011 — slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Directory Server 8.2.x or dirsrv) does not properly handle simple paged result searches, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via multiple search requests. slapd (también conocido como ns-slapd) en 389 Directory Server v1.2.7.5 (también conocido como Red Hat Directory Server v8.2.x o dirsrv) no gestiona correctamente las consultas paginadas simples, lo que permite ... • http://www.redhat.com/support/errata/RHSA-2011-0293.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 0CVE-2011-0022 – Server: insecure pid file directory permissions
https://notcve.org/view.php?id=CVE-2011-0022
23 Feb 2011 — The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary process termination) by replacing PID files contained in this directory. Las secuencias de comandos de configuración en 389 Directory Server v1.2.x (también conocido como Red Hat Directory Server 8.2.x)), cuando varias instancias sin p... • http://www.redhat.com/support/errata/RHSA-2011-0293.html • CWE-399: Resource Management Errors •