Описание
389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.
A flaw was found in the way Red Hat Directory Server performed authorization of modrdn operations. An unauthenticated attacker able to issue an ldapmodrdn call to the directory server could use this flaw to perform unauthorized modifications of entries in the directory server.
Отчет
This issue does not affect the version of 389-ds-base package as shipped with Red Hat Enterprise Linux 6.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Directory Server 8 | redhat-ds-base | Not affected | ||
| Red Hat Enterprise Linux 6 | 389-ds-base | Not affected | ||
| Red Hat Enterprise Linux 7 | 389-ds-base | Fixed | RHSA-2015:0895 | 28.04.2015 |
Показывать по
Дополнительная информация
Статус:
EPSS
4.8 Medium
CVSS2
Связанные уязвимости
389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.
389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.
389 Directory Server before 1.3.3.10 allows attackers to bypass intend ...
389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.
EPSS
4.8 Medium
CVSS2