Описание
ELSA-2014-0292: 389-ds-base security update (IMPORTANT)
[1.2.11.15-32]
- Resolves: bug 1074847 - EMBARGOED CVE-2014-0132 389-ds-base: 389-ds: flaw in parsing authzid can lead to privilege escalation [rhel-6.5.z] (Ticket 47739 - directory server is insecurely misinterpreting authzid on a SASL/GSSAPI bind)
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
389-ds-base
1.2.11.15-32.el6_5
389-ds-base-devel
1.2.11.15-32.el6_5
389-ds-base-libs
1.2.11.15-32.el6_5
Oracle Linux i686
389-ds-base
1.2.11.15-32.el6_5
389-ds-base-devel
1.2.11.15-32.el6_5
389-ds-base-libs
1.2.11.15-32.el6_5
Связанные CVE
Связанные уязвимости
The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind.
The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind.
The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind.
The SASL authentication functionality in 389 Directory Server before 1 ...
The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind.