Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.5
CVE Id CVE-2014-0132
Last Modified 19 Mar 2014 10:12:09
Published 18 Mar 2014 01:02:53
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2014-0132

Summary

The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind.

Vulnerable Systems

Application

  • Fedoraproject 389 Directory Server 1.2.11.1

  • Fedoraproject 389 Directory Server 1.2.11.10

  • Fedoraproject 389 Directory Server 1.2.11.11

  • Fedoraproject 389 Directory Server 1.2.11.12

  • Fedoraproject 389 Directory Server 1.2.11.13

  • Fedoraproject 389 Directory Server 1.2.11.14

  • Fedoraproject 389 Directory Server 1.2.11.15

  • Fedoraproject 389 Directory Server 1.2.11.17

  • Fedoraproject 389 Directory Server 1.2.11.19

  • Fedoraproject 389 Directory Server 1.2.11.20

  • Fedoraproject 389 Directory Server 1.2.11.21

  • Fedoraproject 389 Directory Server 1.2.11.22

  • Fedoraproject 389 Directory Server 1.2.11.23

  • Fedoraproject 389 Directory Server 1.2.11.25

  • Fedoraproject 389 Directory Server 1.2.11.5

  • Fedoraproject 389 Directory Server 1.2.11.6

  • Fedoraproject 389 Directory Server 1.2.11.8

  • Fedoraproject 389 Directory Server 1.2.11.9


References

CONFIRM - https://fedorahosted.org/389/ticket/47739

CONFIRM - https://fedorahosted.org/389/changeset/76acff12a86110d4165f94e2cba13ef5c7ebc38a/

SECUNIA - 57427

SECUNIA - 57412

REDHAT - RHSA-2014:0292


Last Updated: 27 May 2016 11:04:44