CVE Vulnerabilities

CVE-2011-0532

Published: Feb 23, 2011 | Modified: Aug 17, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.2 MEDIUM
AV:L/AC:H/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

The (1) backup and restore scripts, (2) main initialization script, and (3) ldap-agent script in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x) place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

Affected Software

Name Vendor Start Version End Version
389_directory_server Fedoraproject 1.2.5 1.2.5
389_directory_server Fedoraproject 1.2.3 1.2.3
389_directory_server Fedoraproject 1.2.5 1.2.5
389_directory_server Fedoraproject 1.2.6 1.2.6
389_directory_server Fedoraproject 1.2.6 1.2.6
389_directory_server Fedoraproject 1.2.6 1.2.6
389_directory_server Fedoraproject 1.2.7.5 1.2.7.5
389_directory_server Fedoraproject 1.2.1 1.2.1
389_directory_server Fedoraproject 1.2.2 1.2.2
389_directory_server Fedoraproject 1.2.5 1.2.5
389_directory_server Fedoraproject 1.2.8 1.2.8
389_directory_server Fedoraproject 1.2.6 1.2.6
389_directory_server Fedoraproject 1.2.6.1 1.2.6.1
389_directory_server Fedoraproject 1.2.5 1.2.5
389_directory_server Fedoraproject 1.2.6 1.2.6
389_directory_server Fedoraproject 1.2.5 1.2.5
389_directory_server Fedoraproject 1.2.8 1.2.8
389_directory_server Fedoraproject 1.2.6 1.2.6
389_directory_server Fedoraproject 1.2.6 1.2.6
389_directory_server Fedoraproject 1.2.6 1.2.6
389_directory_server Fedoraproject 1.2.6 1.2.6
389_directory_server Fedoraproject 1.2.7 1.2.7

References