CVE Vulnerabilities

CVE-2011-0022

Published: Feb 23, 2011 | Modified: Mar 31, 2011
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.7 MEDIUM
AV:L/AC:M/Au:N/C:N/I:N/A:C
RedHat/V2
4.7 MODERATE
AV:L/AC:M/Au:N/C:N/I:N/A:C
RedHat/V3
Ubuntu

The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary process termination) by replacing PID files contained in this directory.

Affected Software

Name Vendor Start Version End Version
389_directory_server Fedoraproject 1.2.1 (including) 1.2.1 (including)
389_directory_server Fedoraproject 1.2.2 (including) 1.2.2 (including)
389_directory_server Fedoraproject 1.2.3 (including) 1.2.3 (including)
389_directory_server Fedoraproject 1.2.5 (including) 1.2.5 (including)
389_directory_server Fedoraproject 1.2.5-rc1 (including) 1.2.5-rc1 (including)
389_directory_server Fedoraproject 1.2.5-rc2 (including) 1.2.5-rc2 (including)
389_directory_server Fedoraproject 1.2.5-rc3 (including) 1.2.5-rc3 (including)
389_directory_server Fedoraproject 1.2.5-rc4 (including) 1.2.5-rc4 (including)
389_directory_server Fedoraproject 1.2.6 (including) 1.2.6 (including)
389_directory_server Fedoraproject 1.2.6-a2 (including) 1.2.6-a2 (including)
389_directory_server Fedoraproject 1.2.6-a3 (including) 1.2.6-a3 (including)
389_directory_server Fedoraproject 1.2.6-a4 (including) 1.2.6-a4 (including)
389_directory_server Fedoraproject 1.2.6-rc1 (including) 1.2.6-rc1 (including)
389_directory_server Fedoraproject 1.2.6-rc2 (including) 1.2.6-rc2 (including)
389_directory_server Fedoraproject 1.2.6-rc3 (including) 1.2.6-rc3 (including)
389_directory_server Fedoraproject 1.2.6-rc6 (including) 1.2.6-rc6 (including)
389_directory_server Fedoraproject 1.2.6-rc7 (including) 1.2.6-rc7 (including)
389_directory_server Fedoraproject 1.2.6.1 (including) 1.2.6.1 (including)
389_directory_server Fedoraproject 1.2.7-alpha3 (including) 1.2.7-alpha3 (including)
389_directory_server Fedoraproject 1.2.7.5 (including) 1.2.7.5 (including)
389_directory_server Fedoraproject 1.2.8-alpha1 (including) 1.2.8-alpha1 (including)
389_directory_server Fedoraproject 1.2.8-alpha2 (including) 1.2.8-alpha2 (including)
Red Hat Directory Server 8 for RHEL 5 RedHat redhat-ds-admin-0:8.2.1-1.el5dsrv *
Red Hat Directory Server 8 for RHEL 5 RedHat redhat-ds-base-0:8.2.4-1.el5dsrv *

References