The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x prior to 1.2.11.20 and 1.3.x prior to 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE search scope is used, which allows remote malicious users to obtain sensitive information outside of the rootDSE via a crafted LDAP search.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fedoraproject 389 directory server 1.2.6 |
||
fedoraproject 389 directory server 1.2.2 |
||
fedoraproject 389 directory server 1.2.10 |
||
fedoraproject 389 directory server 1.2.11.6 |
||
fedoraproject 389 directory server 1.2.8 |
||
fedoraproject 389 directory server 1.2.11.5 |
||
fedoraproject 389 directory server 1.2.11.8 |
||
fedoraproject 389 directory server 1.2.11.15 |
||
fedoraproject 389 directory server 1.2.11.19 |
||
fedoraproject 389 directory server 1.2.5 |
||
fedoraproject 389 directory server 1.2.7.5 |
||
fedoraproject 389 directory server 1.2.10.4 |
||
fedoraproject 389 directory server 1.2.10.11 |
||
fedoraproject 389 directory server 1.2.1 |
||
fedoraproject 389 directory server 1.2.11.10 |
||
fedoraproject 389 directory server 1.2.11.11 |
||
fedoraproject 389 directory server 1.2.11.12 |
||
fedoraproject 389 directory server 1.2.11.13 |
||
fedoraproject 389 directory server 1.2.7 |
||
fedoraproject 389 directory server 1.2.3 |
||
fedoraproject 389 directory server 1.2.10.3 |
||
fedoraproject 389 directory server 1.2.8.1 |
||
fedoraproject 389 directory server 1.2.8.3 |
||
fedoraproject 389 directory server 1.2.8.2 |
||
fedoraproject 389 directory server 1.2.6.1 |
||
fedoraproject 389 directory server 1.2.10.2 |
||
fedoraproject 389 directory server 1.2.9.9 |
||
fedoraproject 389 directory server 1.2.11.1 |
||
fedoraproject 389 directory server 1.2.11.9 |
||
fedoraproject 389 directory server 1.2.11.14 |
||
fedoraproject 389 directory server 1.2.11.17 |
||
fedoraproject 389 directory server 1.3.0.3 |
||
fedoraproject 389 directory server 1.3.0.2 |
||
fedoraproject 389 directory server 1.3.0.4 |