Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 2.3
CVE Id: CVE-2012-0833
Last Modified: 17 Jul 2012 12:00:00
Published: 03 Jul 2012 12:40:31
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: ADJACENT_NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE

CVE-2012-0833

Summary

The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handle access control instructions (ACIs) that use certificate groups, which allows remote authenticated LDAP users with a certificate group to cause a denial of service (infinite loop and CPU consumption) by binding to the server.

Vulnerable Systems

Application

  • Fedoraproject 389 Directory Server 1.2.1

  • Fedoraproject 389 Directory Server 1.2.10

  • Fedoraproject 389 Directory Server 1.2.2

  • Fedoraproject 389 Directory Server 1.2.3

  • Fedoraproject 389 Directory Server 1.2.5

  • Fedoraproject 389 Directory Server 1.2.6

  • Fedoraproject 389 Directory Server 1.2.6.1

  • Fedoraproject 389 Directory Server 1.2.7

  • Fedoraproject 389 Directory Server 1.2.7.5

  • Fedoraproject 389 Directory Server 1.2.8

  • Fedoraproject 389 Directory Server 1.2.8.1

  • Fedoraproject 389 Directory Server 1.2.8.2

  • Fedoraproject 389 Directory Server 1.2.8.3

  • Fedoraproject 389 Directory Server 1.2.9.9


References

CONFIRM - https://fedorahosted.org/389/changeset/1bbbb3e5049c1aa0650546efab87ed2f1ea59637/389-ds-base

CONFIRM - https://fedorahosted.org/389/ticket/162

SECUNIA - 49562

SECUNIA - 48035

REDHAT - RHSA-2012:0813


Last Updated: 27 May 2016 10:54:50