OpenCVE

The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handled access control instructions (ACIs) that use certificate groups, which allows remote authenticated LDAP users with a certificate group to cause a denial of service (infinite loop and CPU consumption) by binding to the server.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:A/AC:M/Au:S/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fedoraproject	389 Directory Server
Redhat	Directory Server Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:a:fedoraproject:389_directory_server::rc1::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.1:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.2:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.3:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc1::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc2::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc3::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc4::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a2::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a3::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a4::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc1::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc2::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc3::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc6::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc7::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.6.1:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.7:alpha3::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.7.5:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha1::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha2::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha3::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:rc1::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:rc2::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.8.1:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.8.2:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.8.3:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.9.9:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.10:alpha8::::::

Package	CPE	Advisory	Released Date
Red Hat Directory Server 8 for RHEL 5
adminutil-0:1.1.8-3.el5dsrv	cpe:/a:redhat:directory_server:8::el5	RHSA-2013:0549	2013-02-21T00:00:00Z
redhat-ds-base-0:8.2.11-5.el5dsrv	cpe:/a:redhat:directory_server:8::el5	RHSA-2013:0549	2013-02-21T00:00:00Z
Red Hat Enterprise Linux 6
389-ds-base-0:1.2.10.2-15.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2012:0813	2012-06-19T00:00:00Z

References

Link	Providers
http://rhn.redhat.com/errata/RHSA-2012-0813.html
http://secunia.com/advisories/48035
http://secunia.com/advisories/49562
https://fedorahosted.org/389/changeset/1bbbb3e5049c1aa0650546efab87ed2f1ea59637/389-ds-base
https://fedorahosted.org/389/ticket/162
https://nvd.nist.gov/vuln/detail/CVE-2012-0833
https://www.cve.org/CVERecord?id=CVE-2012-0833

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-07-03T16:00:00Z

Updated: 2024-08-06T18:38:14.890Z

Reserved: 2012-01-19T00:00:00Z

Link: CVE-2012-0833

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2012-07-03T16:40:31.583

Modified: 2012-07-17T04:00:00.000

Link: CVE-2012-0833

Redhat

Severity : Low

Publid Date: 2012-01-05T00:00:00Z

Links: CVE-2012-0833 - Bugzilla

Metrics

Access Vector Adjacent Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Adjacent Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object