CVSS: 5.0EPSS: 3%CPEs: 1EXPL: 0CVE-2013-0312 – 389-ds: unauthenticated denial of service vulnerability in handling of LDAPv3 control data
https://notcve.org/view.php?id=CVE-2013-0312
389 Directory Server before 1.3.0.4 allows remote attackers to cause a denial of service (crash) via a zero length LDAP control sequence. 389 Directory Server anterior a v1.3.0.4 permite a atacantes remotos provocar una denegación de servicio (caída) a través de una secuencia de control de longitud cero LDAP. • http://directory.fedoraproject.org/wiki/Releases/1.3.0.4 http://rhn.redhat.com/errata/RHSA-2013-0628.html http://secunia.com/advisories/52279 http://secunia.com/advisories/52568 http://www.securityfocus.com/bid/58428 https://bugzilla.redhat.com/show_bug.cgi?id=912964 https://fedorahosted.org/389/ticket/571 https://access.redhat.com/security/cve/CVE-2013-0312 • CWE-189: Numeric Errors •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2012-4450 – 389-ds-base: Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in ACL (ACL rules bypass possible)
https://notcve.org/view.php?id=CVE-2012-4450
389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry. 389 Directory Server v1.2.10 no actualiza correctamente las ACL cuando una entrada DN es movida por una operación modrdn, lo que permite a usuarios autenticados con ciertos permisos, evitar restricciones ACL y de acceso a entrada DN. • http://git.fedorahosted.org/cgit/389/ds.git/commit/?id=5beb93d42efb807838c09c5fab898876876f8d09 http://rhn.redhat.com/errata/RHSA-2013-0503.html http://secunia.com/advisories/50713 http://www.openwall.com/lists/oss-security/2012/09/26/3 http://www.openwall.com/lists/oss-security/2012/09/26/5 http://www.securityfocus.com/bid/55690 https://bugzilla.redhat.com/show_bug.cgi?id=860772 https://fedorahosted.org/389/ticket/340 https://access.redhat.com/security/cve/CVE-2012-4 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 42EXPL: 0CVE-2012-2746 – rhds/389: plaintext password disclosure in audit log
https://notcve.org/view.php?id=CVE-2012-2746
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password. "389 Directory Server" antes de v1.2.11.6 (también conocido como Red Hat Directory Server antes de v8.2.10-3), cuando la contraseña de un usuario de LDAP ha cambiado y el registro de auditoría está habilitada, guarda la nueva contraseña para el registro en texto plano, lo que permite leer la contraseña a usuarios remotos autenticados. • http://directory.fedoraproject.org/wiki/Release_Notes http://rhn.redhat.com/errata/RHSA-2012-0997.html http://rhn.redhat.com/errata/RHSA-2012-1041.html http://secunia.com/advisories/49734 http://www.osvdb.org/83329 http://www.securityfocus.com/bid/54153 https://bugzilla.redhat.com/show_bug.cgi?id=833482 https://exchange.xforce.ibmcloud.com/vulnerabilities/76595 https://fedorahosted.org/389/ticket/365 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=em • CWE-310: Cryptographic Issues •
CVSS: 4.0EPSS: 0%CPEs: 42EXPL: 0CVE-2012-2678 – rhds/389: plaintext password disclosure flaw
https://notcve.org/view.php?id=CVE-2012-2678
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute. "389 Directory Server" antes de v1.2.11.6 (también conocido como Red Hat Directory Server antes de v8.2.10-3), cuando la contraseña de un usuario de LDAP ha cambiado y anyes de que el servidor haya sido reiniciado, permite a atacantes remotos leer contraseñas en claro a través del atributo unhashed#user#password. • http://directory.fedoraproject.org/wiki/Release_Notes http://osvdb.org/83336 http://rhn.redhat.com/errata/RHSA-2012-0997.html http://rhn.redhat.com/errata/RHSA-2012-1041.html http://secunia.com/advisories/49734 http://www.securityfocus.com/bid/54153 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19353 https://access.redhat.com/security/cve/CVE-2012-267 • CWE-310: Cryptographic Issues •
CVSS: 2.3EPSS: 0%CPEs: 31EXPL: 1CVE-2012-0833 – 389: denial of service when using certificate groups
https://notcve.org/view.php?id=CVE-2012-0833
The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handled access control instructions (ACIs) that use certificate groups, which allows remote authenticated LDAP users with a certificate group to cause a denial of service (infinite loop and CPU consumption) by binding to the server. La funcion acllas__handle_group_entry en servers/plugins/acl/acllas.c en 389 Directory Server anterior a v1.2.10 no maneja adecuadamente las instrucciones de control de acceso (ACIs) que utilizan los grupos de certificados, permitiendo a los usuarios autenticados de LDAP con un certificado de grupo causar una denegación de servicio (bucle infinito y consumo de CPU) mediante la unión ("binding") con el servidor. • http://rhn.redhat.com/errata/RHSA-2012-0813.html http://secunia.com/advisories/48035 http://secunia.com/advisories/49562 https://fedorahosted.org/389/changeset/1bbbb3e5049c1aa0650546efab87ed2f1ea59637/389-ds-base https://fedorahosted.org/389/ticket/162 https://access.redhat.com/security/cve/CVE-2012-0833 https://bugzilla.redhat.com/show_bug.cgi?id=787014 • CWE-264: Permissions, Privileges, and Access Controls •