CVE-2013-4485

Published: 23/11/2013 Updated: 22/04/2019
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Vulnerability Summary

389 Directory Server 1.2.11.15 (aka Red Hat Directory Server prior to 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request.

Vulnerable Product

redhat enterprise linux 6.0

fedoraproject 389 directory server 1.2.11.15

redhat directory server

redhat directory server 8.1

redhat directory server 8.0

redhat directory server 7.1

Vendor Advisories

Synopsis: Important: redhat-ds-base security update. Type/Severity: Security Advisory: Important. Topic: Updated redhat-ds-base packages that fix one security issue are now available for Red Hat Directory Server 8. The Red Hat Security Response Team has rated this update as having important security impact. A Commo ...
Synopsis: Important: 389-ds-base security update. Type/Severity: Security Advisory: Important. Topic: Updated 389-ds-base packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vuln ...
Debian Bug report logs - #730115 389-ds-base: CVE-2013-4485: DoS due to improper handling of ger attr searches. Package: 389-ds-base; Maintainer for 389-ds-base is Debian FreeIPA Team <pkg-freeipa-devel@alioth-lists.debian.net>; Source for 389-ds-base is src:389-ds-base. Reported by: Salvatore Bonaccorso ...
Debian Bug report logs - #704077 CVE-2013-0336. Package: 389-ds; Maintainer for 389-ds is Debian FreeIPA Team <pkg-freeipa-devel@alioth-lists.debian.net>; Source for 389-ds is src:389-ds-base. Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Wed, 27 Mar 2013 17:00:02 UTC Severity: grave Tag ...
Debian Bug report logs - #718325 389-ds-base: CVE-2013-2219: ACLs inoperative in some search scenarios. Package: src:389-ds-base; Maintainer for src:389-ds-base is Debian FreeIPA Team <pkg-freeipa-devel@alioth-lists.debian.net>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Tue, 30 Jul 2013 08:36:01 UTC ...
Debian Bug report logs - #704421 389-ds-base: CVE-2013-1897: unintended information exposure when rootdse is enabled. Package: 389-ds-base; Maintainer for 389-ds-base is Debian FreeIPA Team <pkg-freeipa-devel@alioth-lists.debian.net>; Source for 389-ds-base is src:389-ds-base. Reported by: Salvatore Bonac ...
Debian Bug report logs - #721222 389-ds-base: CVE-2013-4283. Package: 389-ds-base; Maintainer for 389-ds-base is Debian FreeIPA Team <pkg-freeipa-devel@alioth-lists.debian.net>; Source for 389-ds-base is src:389-ds-base. Reported by: Moritz Muehlenhoff <jmm@inutil.org> Date: Thu, 29 Aug 2013 08:42 ...
It was discovered that the 389 Directory Server did not properly handle certain Get Effective Rights (GER) search queries when the attribute list, which is a part of the query, included several names using the '@' character. An attacker able to submit search queries to the 389 Directory Server could cause it to crash ...