Filtered by vendor Fedoraproject Subscriptions
Filtered by product 389 Directory Server Subscriptions
Total 39 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-1054 2 Fedoraproject, Redhat 5 389 Directory Server, Enterprise Linux, Enterprise Linux Desktop and 2 more 2024-09-17 N/A
An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.
CVE-2017-15134 2 Fedoraproject, Redhat 5 389 Directory Server, Enterprise Linux, Enterprise Linux Desktop and 2 more 2024-09-16 N/A
A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.
CVE-2013-0312 2 Fedoraproject, Redhat 2 389 Directory Server, Enterprise Linux 2024-09-16 N/A
389 Directory Server before 1.3.0.4 allows remote attackers to cause a denial of service (crash) via a zero length LDAP control sequence.
CVE-2010-4746 1 Fedoraproject 1 389 Directory Server 2024-09-16 N/A
Multiple memory leaks in the normalization functionality in 389 Directory Server before 1.2.7.5 allow remote attackers to cause a denial of service (memory consumption) via "badly behaved applications," related to (1) Slapi_Attr mishandling in the DN normalization code and (2) pointer mishandling in the syntax normalization code, a different issue than CVE-2011-0019.
CVE-2010-3282 3 Fedoraproject, Hp, Redhat 4 389 Directory Server, Hp-ux Directory Server, Directory Server and 1 more 2024-08-07 3.3 Low
389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log.
CVE-2011-1067 1 Fedoraproject 1 389 Directory Server 2024-08-06 N/A
slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not properly manage the c_timelimit field of the connection table element, which allows remote attackers to cause a denial of service (daemon outage) via Simple Paged Results connections, as demonstrated by using multiple processes to replay TCP sessions, a different vulnerability than CVE-2011-0019.
CVE-2011-0704 1 Fedoraproject 1 389 Directory Server 2024-08-06 N/A
389 Directory Server 1.2.7.5, when built with mozldap, allows remote attackers to cause a denial of service (replica crash) by sending an empty modify request.
CVE-2011-0532 2 Fedoraproject, Redhat 2 389 Directory Server, Directory Server 2024-08-06 N/A
The (1) backup and restore scripts, (2) main initialization script, and (3) ldap-agent script in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x) place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
CVE-2011-0022 2 Fedoraproject, Redhat 2 389 Directory Server, Directory Server 2024-08-06 N/A
The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary process termination) by replacing PID files contained in this directory.
CVE-2011-0019 2 Fedoraproject, Redhat 2 389 Directory Server, Directory Server 2024-08-06 N/A
slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Directory Server 8.2.x or dirsrv) does not properly handle simple paged result searches, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via multiple search requests.
CVE-2012-4450 2 Fedoraproject, Redhat 2 389 Directory Server, Enterprise Linux 2024-08-06 N/A
389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry.
CVE-2012-2746 2 Fedoraproject, Redhat 3 389 Directory Server, Directory Server, Enterprise Linux 2024-08-06 N/A
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password.
CVE-2012-2678 2 Fedoraproject, Redhat 3 389 Directory Server, Directory Server, Enterprise Linux 2024-08-06 N/A
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute.
CVE-2012-0833 2 Fedoraproject, Redhat 3 389 Directory Server, Directory Server, Enterprise Linux 2024-08-06 N/A
The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handled access control instructions (ACIs) that use certificate groups, which allows remote authenticated LDAP users with a certificate group to cause a denial of service (infinite loop and CPU consumption) by binding to the server.
CVE-2013-4485 2 Fedoraproject, Redhat 3 389 Directory Server, Directory Server, Enterprise Linux 2024-08-06 N/A
389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request.
CVE-2013-4283 2 Fedoraproject, Redhat 2 389 Directory Server, Enterprise Linux 2024-08-06 N/A
ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request.
CVE-2013-2219 2 Fedoraproject, Redhat 3 389 Directory Server, Directory Server, Enterprise Linux 2024-08-06 N/A
The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute.
CVE-2013-1897 2 Fedoraproject, Redhat 2 389 Directory Server, Enterprise Linux 2024-08-06 N/A
The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE search scope is used, which allows remote attackers to obtain sensitive information outside of the rootDSE via a crafted LDAP search.
CVE-2014-8112 2 Fedoraproject, Redhat 3 389 Directory Server, Fedora, Enterprise Linux 2024-08-06 N/A
389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by reading the Changelog.
CVE-2014-8105 2 Fedoraproject, Redhat 3 389 Directory Server, Fedora, Enterprise Linux 2024-08-06 N/A
389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.