The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE search scope is used, which allows remote attackers to obtain sensitive information outside of the rootDSE via a crafted LDAP search.
Name | Vendor | Start Version | End Version |
---|---|---|---|
389_directory_server | Fedoraproject | 1.2.5 | 1.2.5 |
389_directory_server | Fedoraproject | 1.2.3 | 1.2.3 |
389_directory_server | Fedoraproject | 1.2.11.9 | 1.2.11.9 |
389_directory_server | Fedoraproject | 1.2.5 | 1.2.5 |
389_directory_server | Fedoraproject | 1.2.8 | 1.2.8 |
389_directory_server | Fedoraproject | 1.2.8 | 1.2.8 |
389_directory_server | Fedoraproject | 1.2.9.9 | 1.2.9.9 |
389_directory_server | Fedoraproject | 1.2.11.8 | 1.2.11.8 |
389_directory_server | Fedoraproject | 1.2.8.3 | 1.2.8.3 |
389_directory_server | Fedoraproject | 1.2.6 | 1.2.6 |
389_directory_server | Fedoraproject | 1.2.6 | 1.2.6 |
389_directory_server | Fedoraproject | 1.2.10 | 1.2.10 |
389_directory_server | Fedoraproject | 1.2.11.13 | 1.2.11.13 |
389_directory_server | Fedoraproject | 1.2.6 | 1.2.6 |
389_directory_server | Fedoraproject | 1.2.8.2 | 1.2.8.2 |
389_directory_server | Fedoraproject | 1.2.7.5 | 1.2.7.5 |
389_directory_server | Fedoraproject | 1.2.1 | 1.2.1 |
389_directory_server | Fedoraproject | 1.2.2 | 1.2.2 |
389_directory_server | Fedoraproject | 1.2.5 | 1.2.5 |
389_directory_server | Fedoraproject | 1.2.8 | 1.2.8 |
389_directory_server | Fedoraproject | 1.2.6 | 1.2.6 |
389_directory_server | Fedoraproject | 1.2.11.17 | 1.2.11.17 |
389_directory_server | Fedoraproject | 1.2.10 | 1.2.10 |
389_directory_server | Fedoraproject | 1.2.11.19 | 1.2.11.19 |
389_directory_server | Fedoraproject | 1.2.11.12 | 1.2.11.12 |
389_directory_server | Fedoraproject | 1.2.8 | 1.2.8 |
389_directory_server | Fedoraproject | 1.2.6.1 | 1.2.6.1 |
389_directory_server | Fedoraproject | 1.2.11.6 | 1.2.11.6 |
389_directory_server | Fedoraproject | 1.2.11.10 | 1.2.11.10 |
389_directory_server | Fedoraproject | 1.2.5 | 1.2.5 |
389_directory_server | Fedoraproject | 1.2.6 | 1.2.6 |
389_directory_server | Fedoraproject | 1.2.11.11 | 1.2.11.11 |
389_directory_server | Fedoraproject | 1.2.10.3 | 1.2.10.3 |
389_directory_server | Fedoraproject | 1.2.11.1 | 1.2.11.1 |
389_directory_server | Fedoraproject | 1.2.11.5 | 1.2.11.5 |
389_directory_server | Fedoraproject | 1.2.10.4 | 1.2.10.4 |
389_directory_server | Fedoraproject | 1.2.5 | 1.2.5 |
389_directory_server | Fedoraproject | 1.2.10.11 | 1.2.10.11 |
389_directory_server | Fedoraproject | 1.2.10.2 | 1.2.10.2 |
389_directory_server | Fedoraproject | 1.2.8 | 1.2.8 |
389_directory_server | Fedoraproject | 1.2.6 | 1.2.6 |
389_directory_server | Fedoraproject | 1.2.6 | 1.2.6 |
389_directory_server | Fedoraproject | 1.2.6 | 1.2.6 |
389_directory_server | Fedoraproject | 1.2.6 | 1.2.6 |
389_directory_server | Fedoraproject | 1.2.11.14 | 1.2.11.14 |
389_directory_server | Fedoraproject | 1.2.8.1 | 1.2.8.1 |
389_directory_server | Fedoraproject | 1.2.10 | 1.2.10 |
389_directory_server | Fedoraproject | 1.2.11.15 | 1.2.11.15 |
389_directory_server | Fedoraproject | 1.2.7 | 1.2.7 |