Search Results (Refine Search)
- CPE Product Version: cpe:/a:fedoraproject:389_directory_server:1.2.6:rc7
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-3562 |
Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory. Published: August 21, 2014; 10:55:04 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-1897 |
The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE search scope is used, which allows remote attackers to obtain sensitive information outside of the rootDSE via a crafted LDAP search. Published: May 13, 2013; 7:55:01 PM -0400 |
V3.x:(not available) V2.0: 2.6 LOW |
CVE-2012-2746 |
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password. Published: July 03, 2012; 12:40:34 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2012-2678 |
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute. Published: July 03, 2012; 12:40:33 PM -0400 |
V3.x:(not available) V2.0: 1.2 LOW |
CVE-2012-0833 |
The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handled access control instructions (ACIs) that use certificate groups, which allows remote authenticated LDAP users with a certificate group to cause a denial of service (infinite loop and CPU consumption) by binding to the server. Published: July 03, 2012; 12:40:31 PM -0400 |
V3.x:(not available) V2.0: 2.3 LOW |
CVE-2011-1067 |
slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not properly manage the c_timelimit field of the connection table element, which allows remote attackers to cause a denial of service (daemon outage) via Simple Paged Results connections, as demonstrated by using multiple processes to replay TCP sessions, a different vulnerability than CVE-2011-0019. Published: February 23, 2011; 2:00:02 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2011-0532 |
The (1) backup and restore scripts, (2) main initialization script, and (3) ldap-agent script in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x) place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. Published: February 23, 2011; 2:00:01 PM -0500 |
V3.x:(not available) V2.0: 6.2 MEDIUM |
CVE-2011-0022 |
The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary process termination) by replacing PID files contained in this directory. Published: February 23, 2011; 2:00:01 PM -0500 |
V3.x:(not available) V2.0: 4.7 MEDIUM |
CVE-2010-4746 |
Multiple memory leaks in the normalization functionality in 389 Directory Server before 1.2.7.5 allow remote attackers to cause a denial of service (memory consumption) via "badly behaved applications," related to (1) Slapi_Attr mishandling in the DN normalization code and (2) pointer mishandling in the syntax normalization code, a different issue than CVE-2011-0019. Published: February 23, 2011; 2:00:01 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |