Summary: | <net-nds/389-ds-base-1.2.11.15: "modifyRDN" ACL Bypass Vulnerability (CVE-2012-4450) | |
---|---|---|---
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago>
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | trivial | CC: | lxnay
Priority: | Normal | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | https://secunia.com/advisories/50713/ | |
Whiteboard: | ~4 [noglsa] | |
Package list: | | Runtime testing required: | ---
Description
Agostino Sarubbo
2012-10-01 12:23:14 UTC
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4450

389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry.

CVE-2012-4450 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4450): 389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry.

Fixed in CVS.

02 Oct 2012; Fabio Erculiani <lxnay@gentoo.org> +389-ds-base-1.2.11.15.ebuild, +files/389-ds-base-1.2.11.16-cve-2012-4450.patch, +files/389-ds-base-1.2.11-fix-mozldap.patch, -389-ds-base-1.2.8.3.ebuild, -389-ds-base-1.2.9.6.ebuild: version bump, closes #405127, #428178, #436768

Thanks, Fabio. Closing noglsa for ~arch only.