Описание
The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind.
The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2014-0132
- https://access.redhat.com/errata/RHSA-2014:0292
- https://access.redhat.com/security/cve/CVE-2014-0132
- https://bugzilla.redhat.com/show_bug.cgi?id=1074845
- https://fedorahosted.org/389/changeset/76acff12a86110d4165f94e2cba13ef5c7ebc38a
- https://fedorahosted.org/389/ticket/47739
- http://rhn.redhat.com/errata/RHSA-2014-0292.html
- http://secunia.com/advisories/57412
- http://secunia.com/advisories/57427
Связанные уязвимости
The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind.
The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind.
The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind.
The SASL authentication functionality in 389 Directory Server before 1 ...
