Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.0
CVE Id: CVE-2012-4450
Last Modified: 07 Mar 2013 11:09:32
Published: 30 Sep 2012 11:26:16
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE

CVE-2012-4450

Summary

389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry.

Vulnerable Systems

Application

  • Fedoraproject 389 Directory Server 1.2.10


References

CONFIRM - https://fedorahosted.org/389/ticket/340

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=860772

MLIST - [oss-security] 20120926 Re: CVE Request -- 389-ds-base: Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in ACL (ACL rules bypass possible)

MLIST - [oss-security] 20120926 CVE Request -- 389-ds-base: Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in ACL (ACL rules bypass possible)

SECUNIA - 50713

CONFIRM - http://git.fedorahosted.org/cgit/389/ds.git/commit/?id=5beb93d42efb807838c09c5fab898876876f8d09

BID - 55690

REDHAT - RHSA-2013:0503


Last Updated: 27 May 2016 11:00:49