Published: 10/09/2013 Updated: 11/09/2013

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

ns-slapd in 389 Directory Server prior to 1.3.0.8 allows remote malicious users to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request.

Vulnerable Product	Search on Vulmon	Subscribe to Product
fedoraproject 389 directory server
fedoraproject 389 directory server 1.3.0.5
fedoraproject 389 directory server 1.3.0.3
fedoraproject 389 directory server 1.3.0.4
fedoraproject 389 directory server 1.3.0.6
fedoraproject 389 directory server 1.3.0.2

Synopsis Important: 389-ds-base security update Type/Severity Security Advisory: Important Topic Updated 389-ds-base packages that fix one security issue are now availablefor Red Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as havingimportant security impact A Common Vuln ...

Debian Bug report logs - #730115 389-ds-base: CVE-2013-4485: DoS due to improper handling of ger attr searches Package: 389-ds-base; Maintainer for 389-ds-base is Debian FreeIPA Team <pkg-freeipa-devel@alioth-listsdebiannet>; Source for 389-ds-base is src:389-ds-base (PTS, buildd, popcon) Reported by: Salvatore Bonaccorso ...

Debian Bug report logs - #704077 CVE-2013-0336 Package: 389-ds; Maintainer for 389-ds is Debian FreeIPA Team <pkg-freeipa-devel@alioth-listsdebiannet>; Source for 389-ds is src:389-ds-base (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Wed, 27 Mar 2013 17:00:02 UTC Severity: grave Tag ...

Debian Bug report logs - #718325 389-ds-base: CVE-2013-2219: ACLs inoperative in some search scenarios Package: src:389-ds-base; Maintainer for src:389-ds-base is Debian FreeIPA Team <pkg-freeipa-devel@alioth-listsdebiannet>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 30 Jul 2013 08:36:01 UTC ...

Debian Bug report logs - #704421 389-ds-base: CVE-2013-1897: unintended information exposure when rootdse is enabled Package: 389-ds-base; Maintainer for 389-ds-base is Debian FreeIPA Team <pkg-freeipa-devel@alioth-listsdebiannet>; Source for 389-ds-base is src:389-ds-base (PTS, buildd, popcon) Reported by: Salvatore Bonac ...

Debian Bug report logs - #721222 389-ds-base: CVE-2013-4283 Package: 389-ds-base; Maintainer for 389-ds-base is Debian FreeIPA Team <pkg-freeipa-devel@alioth-listsdebiannet>; Source for 389-ds-base is src:389-ds-base (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Thu, 29 Aug 2013 08:42 ...

ns-slapd in 389 Directory Server before 1308 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request 389 Directory Server does not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query ...

ns-slapd in 389 Directory Server before 1308 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request ...

CWE-20 http://secunia.com/advisories/54650 http://directory.fedoraproject.org/wiki/Releases/1.3.0.8 http://secunia.com/advisories/54586 https://bugzilla.redhat.com/show_bug.cgi?id=999634 http://rhn.redhat.com/errata/RHSA-2013-1182.html https://access.redhat.com/errata/RHSA-2013:1182 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2013-4283 https://alas.aws.amazon.com/ALAS-2013-223.html

CVE-2013-4283

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect