From secunia advisory at $URL: Description A vulnerability has been reported in 389 Directory Server, which can be exploited by malicious users to bypass certain security restrictions. The vulnerability is caused due to an error when performing the "modifyRDN" operation, which can be exploited to bypass the ACL and gain access to restricted entries when a DN entry is moved via database modify RDN function. The vulnerability is reported in version 1.2.10. Other versions may also be affected. Solution Fixed in the GIT repository.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4450 389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry.
CVE-2012-4450 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4450): 389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry.
Fixed in CVS. 02 Oct 2012; Fabio Erculiani <lxnay@gentoo.org> +389-ds-base-1.2.11.15.ebuild, +files/389-ds-base-1.2.11.16-cve-2012-4450.patch, +files/389-ds-base-1.2.11-fix-mozldap.patch, -389-ds-base-1.2.8.3.ebuild, -389-ds-base-1.2.9.6.ebuild: version bump, closes #405127, #428178, #436768
Thanks, Fabio. Closing noglsa for ~arch only.
