Published: 13/05/2013 Updated: 14/05/2013

CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9

VMScore: 231

Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x prior to 1.2.11.20 and 1.3.x prior to 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE search scope is used, which allows remote malicious users to obtain sensitive information outside of the rootDSE via a crafted LDAP search.

Vulnerable Product	Search on Vulmon	Subscribe to Product
fedoraproject 389 directory server 1.2.6
fedoraproject 389 directory server 1.2.2
fedoraproject 389 directory server 1.2.10
fedoraproject 389 directory server 1.2.11.6
fedoraproject 389 directory server 1.2.8
fedoraproject 389 directory server 1.2.11.5
fedoraproject 389 directory server 1.2.11.8
fedoraproject 389 directory server 1.2.11.15
fedoraproject 389 directory server 1.2.11.19
fedoraproject 389 directory server 1.2.5
fedoraproject 389 directory server 1.2.7.5
fedoraproject 389 directory server 1.2.10.4
fedoraproject 389 directory server 1.2.10.11
fedoraproject 389 directory server 1.2.1
fedoraproject 389 directory server 1.2.11.10
fedoraproject 389 directory server 1.2.11.11
fedoraproject 389 directory server 1.2.11.12
fedoraproject 389 directory server 1.2.11.13
fedoraproject 389 directory server 1.2.7
fedoraproject 389 directory server 1.2.3
fedoraproject 389 directory server 1.2.10.3
fedoraproject 389 directory server 1.2.8.1
fedoraproject 389 directory server 1.2.8.3
fedoraproject 389 directory server 1.2.8.2
fedoraproject 389 directory server 1.2.6.1
fedoraproject 389 directory server 1.2.10.2
fedoraproject 389 directory server 1.2.9.9
fedoraproject 389 directory server 1.2.11.1
fedoraproject 389 directory server 1.2.11.9
fedoraproject 389 directory server 1.2.11.14
fedoraproject 389 directory server 1.2.11.17
fedoraproject 389 directory server 1.3.0.3
fedoraproject 389 directory server 1.3.0.2
fedoraproject 389 directory server 1.3.0.4

Synopsis Low: 389-ds-base security and bug fix update Type/Severity Security Advisory: Low Topic Updated 389-ds-base packages that fix one security issue and several bugsare now available for Red Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as having lowsecurity impact A ...

Debian Bug report logs - #730115 389-ds-base: CVE-2013-4485: DoS due to improper handling of ger attr searches Package: 389-ds-base; Maintainer for 389-ds-base is Debian FreeIPA Team <pkg-freeipa-devel@alioth-listsdebiannet>; Source for 389-ds-base is src:389-ds-base (PTS, buildd, popcon) Reported by: Salvatore Bonaccorso ...

Debian Bug report logs - #704077 CVE-2013-0336 Package: 389-ds; Maintainer for 389-ds is Debian FreeIPA Team <pkg-freeipa-devel@alioth-listsdebiannet>; Source for 389-ds is src:389-ds-base (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Wed, 27 Mar 2013 17:00:02 UTC Severity: grave Tag ...

Debian Bug report logs - #718325 389-ds-base: CVE-2013-2219: ACLs inoperative in some search scenarios Package: src:389-ds-base; Maintainer for src:389-ds-base is Debian FreeIPA Team <pkg-freeipa-devel@alioth-listsdebiannet>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 30 Jul 2013 08:36:01 UTC ...

Debian Bug report logs - #704421 389-ds-base: CVE-2013-1897: unintended information exposure when rootdse is enabled Package: 389-ds-base; Maintainer for 389-ds-base is Debian FreeIPA Team <pkg-freeipa-devel@alioth-listsdebiannet>; Source for 389-ds-base is src:389-ds-base (PTS, buildd, popcon) Reported by: Salvatore Bonac ...

Debian Bug report logs - #721222 389-ds-base: CVE-2013-4283 Package: 389-ds-base; Maintainer for 389-ds-base is Debian FreeIPA Team <pkg-freeipa-devel@alioth-listsdebiannet>; Source for 389-ds-base is src:389-ds-base (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Thu, 29 Aug 2013 08:42 ...

It was found that the 389 Directory Server did not properly restrict access to entries when the "nsslapd-allow-anonymous-access" configuration setting was set to "rootdse" An anonymous user could connect to the LDAP database and, if the search scope is set to BASE, obtain access to information outside of the rootDSE (CVE-2013-1897) ...

The do_search function in ldap/servers/slapd/searchc in 389 Directory Server 12x before 121120 and 13x before 1305 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE search scope is used, which allows remote attackers to obtain sensitive information outside of ...

CWE-264 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101323.html https://bugzilla.redhat.com/show_bug.cgi?id=928105 https://fedorahosted.org/freeipa/ticket/3540 https://fedorahosted.org/389/ticket/47308 http://rhn.redhat.com/errata/RHSA-2013-0742.html https://git.fedorahosted.org/cgit/389/ds.git/commit/?h=389-ds-base-1.2.11&id=5a18c828533a670e7143327893f8171a19062286 https://access.redhat.com/errata/RHSA-2013:0742 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2013-1897 https://alas.aws.amazon.com/ALAS-2013-184.html

Get Started

CVE-2013-1897

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect