CVE Vulnerabilities

CVE-2013-1897

Published: May 13, 2013 | Modified: May 14, 2013
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 2.6 LOW (AV:N/AC:H/Au:N/C:P/I:N/A:N)

The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE search scope is used, which allows remote attackers to obtain sensitive information outside of the rootDSE via a crafted LDAP search.

Affected Software

Name Vendor Start Version End Version
389_directory_server Fedoraproject 1.2.5 1.2.5
389_directory_server Fedoraproject 1.2.3 1.2.3
389_directory_server Fedoraproject 1.2.11.9 1.2.11.9
389_directory_server Fedoraproject 1.2.8 1.2.8
389_directory_server Fedoraproject 1.2.9.9 1.2.9.9
389_directory_server Fedoraproject 1.2.11.8 1.2.11.8
389_directory_server Fedoraproject 1.2.8.3 1.2.8.3
389_directory_server Fedoraproject 1.2.6 1.2.6
389_directory_server Fedoraproject 1.2.10 1.2.10
389_directory_server Fedoraproject 1.2.11.13 1.2.11.13
389_directory_server Fedoraproject 1.2.8.2 1.2.8.2
389_directory_server Fedoraproject 1.2.7.5 1.2.7.5
389_directory_server Fedoraproject 1.2.1 1.2.1
389_directory_server Fedoraproject 1.2.2 1.2.2
389_directory_server Fedoraproject 1.2.11.17 1.2.11.17
389_directory_server Fedoraproject 1.2.11.19 1.2.11.19
389_directory_server Fedoraproject 1.2.11.12 1.2.11.12
389_directory_server Fedoraproject 1.2.6.1 1.2.6.1
389_directory_server Fedoraproject 1.2.11.6 1.2.11.6
389_directory_server Fedoraproject 1.2.11.10 1.2.11.10
389_directory_server Fedoraproject 1.2.11.11 1.2.11.11
389_directory_server Fedoraproject 1.2.10.3 1.2.10.3
389_directory_server Fedoraproject 1.2.11.1 1.2.11.1
389_directory_server Fedoraproject 1.2.11.5 1.2.11.5
389_directory_server Fedoraproject 1.2.10.4 1.2.10.4
389_directory_server Fedoraproject 1.2.10.11 1.2.10.11
389_directory_server Fedoraproject 1.2.10.2 1.2.10.2
389_directory_server Fedoraproject 1.2.11.14 1.2.11.14
389_directory_server Fedoraproject 1.2.8.1 1.2.8.1
389_directory_server Fedoraproject 1.2.11.15 1.2.11.15
389_directory_server Fedoraproject 1.2.7 1.2.7

References