CVE-2012-4450 – 389-ds-base: Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in ACL (ACL rules bypass possible)
https://notcve.org/view.php?id=CVE-2012-4450
389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry.
• http://git.fedorahosted.org/cgit/389/ds.git/commit/?id=5beb93d42efb807838c09c5fab898876876f8d09
• http://rhn.redhat.com/errata/RHSA-2013-0503.html
• http://secunia.com/advisories/50713
• http://www.openwall.com/lists/oss-security/2012/09/26/3
• http://www.openwall.com/lists/oss-security/2012/09/26/5
• http://www.securityfocus.com/bid/55690
• https://bugzilla.redhat.com/show_bug.cgi?id=860772
• https://fedorahosted.org/389/ticket/340
• https://access.redhat.com/security/cve/CVE-2012-4
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2012-2746 – rhds/389: plaintext password disclosure in audit log
https://notcve.org/view.php?id=CVE-2012-2746
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of an LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password.
• http://directory.fedoraproject.org/wiki/Release_Notes
• http://rhn.redhat.com/errata/RHSA-2012-0997.html
• http://rhn.redhat.com/errata/RHSA-2012-1041.html
• http://secunia.com/advisories/49734
• http://www.osvdb.org/83329
• http://www.securityfocus.com/bid/54153
• https://bugzilla.redhat.com/show_bug.cgi?id=833482
• https://exchange.xforce.ibmcloud.com/vulnerabilities/76595
• https://fedorahosted.org/389/ticket/365
• https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=em
• CWE-310: Cryptographic Issues
CVE-2012-2678 – rhds/389: plaintext password disclosure flaw
https://notcve.org/view.php?id=CVE-2012-2678
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for an LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute.
• http://directory.fedoraproject.org/wiki/Release_Notes
• http://osvdb.org/83336
• http://rhn.redhat.com/errata/RHSA-2012-0997.html
• http://rhn.redhat.com/errata/RHSA-2012-1041.html
• http://secunia.com/advisories/49734
• http://www.securityfocus.com/bid/54153
• https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19353
• https://access.redhat.com/security/cve/CVE-2012-267
• CWE-310: Cryptographic Issues
CVE-2012-0833 – 389: denial of service when using certificate groups
https://notcve.org/view.php?id=CVE-2012-0833
The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handle access control instructions (ACIs) that use certificate groups, which allows remote authenticated LDAP users with a certificate group to cause a denial of service (infinite loop and CPU consumption) by binding to the server.
• http://rhn.redhat.com/errata/RHSA-2012-0813.html
• http://secunia.com/advisories/48035
• http://secunia.com/advisories/49562
• https://fedorahosted.org/389/changeset/1bbbb3e5049c1aa0650546efab87ed2f1ea59637/389-ds-base
• https://fedorahosted.org/389/ticket/162
• https://access.redhat.com/security/cve/CVE-2012-0833
• https://bugzilla.redhat.com/show_bug.cgi?id=787014
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2011-0532 – Server: use of insecure LD_LIBRARY_PATH settings
https://notcve.org/view.php?id=CVE-2011-0532
The (1) backup and restore scripts, (2) main initialization script, and (3) ldap-agent script in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x) place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
• http://www.redhat.com/support/errata/RHSA-2011-0293.html
• http://www.securityfocus.com/bid/46489
• http://www.securitytracker.com/id?1025102
• https://bugzilla.redhat.com/show_bug.cgi?id=672468
• https://exchange.xforce.ibmcloud.com/vulnerabilities/65637
• https://access.redhat.com/security/cve/CVE-2011-0532
• CWE-264: Permissions, Privileges, and Access Controls