Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 463630 (CVE-2013-1897) - <net-nds/389-ds-base-1.3.4.7: unintended information exposure when rootdse is enabled (CVE-2013-1897)
Summary: <net-nds/389-ds-base-1.3.4.7: unintended information exposure when rootdse is...
Status: RESOLVED FIXED
Alias: CVE-2013-1897
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: ~4 [glsa?]
Keywords:
Depends on:
Blocks:
 
Reported: 2013-03-28 16:51 UTC by Agostino Sarubbo
Modified: 2016-03-01 06:06 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-03-28 16:51:18 UTC
From ${URL} :

It was found that the 389 Directory Server did not properly restrict access to entries when the 
'nsslapd-allow-anonymous-access' configuration setting is set to 'rootdse'.  An anonymous user 
could connect to the LDAP database and, if the search scope is set to BASE, obtain access to 
information outside of the rootDSE.  The 'rootdse' option exists to provide anonymous access to the 
rootDSE but no other entries in the directory.  An administrator could believe that directory 
entries are being restricted with this option enabled, however the information provided would be 
the same as if 'nsslapd-allow-anonymous-access' were set to 'on'.

ACI's are still properly evaluated despite this flaw, so this can easily be mitigated by removing 
the anonymous read ACL.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2013-08-28 23:21:10 UTC
CVE-2013-1897 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1897):
  The do_search function in ldap/servers/slapd/search.c in 389 Directory
  Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly
  restrict access to entries when the nsslapd-allow-anonymous-access
  configuration is set to rootdse and the BASE search scope is used, which
  allows remote attackers to obtain sensitive information outside of the
  rootDSE via a crafted LDAP search.
Comment 3 William Brown 2016-02-07 01:47:54 UTC
Hi,

We have updated 389-ds-base to 1.3.4.7. This should resolve the issue.

Thanks,
Comment 4 Adam Feldman gentoo-dev 2016-02-07 01:57:20 UTC
Referenced commit 5a7174bf7122309eee568651fb5f3413155f9fc2
Comment 5 Aaron Bauman (RETIRED) gentoo-dev 2016-02-21 11:19:04 UTC
net-nds/389-ds-base-1.3.4.7 in tree.  No other versions present which are vulnerable.
Comment 6 Aaron Bauman (RETIRED) gentoo-dev 2016-03-01 06:06:36 UTC
All vulnerable versions removed.  GLSA Vote: No