Summary: | <net-nds/389-ds-base-1.3.4.8: Search Filter Expressions Evaluation Information Disclosure Security Issue (CVE-2013-2219) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | lxnay |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://secunia.com/advisories/54140/ | ||
Whiteboard: | ~4 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2013-07-30 15:24:08 UTC
CVE-2013-2219 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2219): The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute. Hi, We have updated 389-ds-base to 1.3.4.7. This should resolve the issue. Thanks, Referenced commit 5a7174bf7122309eee568651fb5f3413155f9fc2 This issued was resolved in 1.3.1 per [0]. No vulnerable versions in tree. [0]: https://fedorahosted.org/389/ticket/47405 |