Vulnerability Description
The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handle access control instructions (ACIs) that use certificate groups, which allows remote authenticated LDAP users with a certificate group to cause a denial of service (infinite loop and CPU consumption) by binding to the server.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fedoraproject | 389 Directory Server | <= 1.2.10 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2012-0813.html
- http://secunia.com/advisories/48035 (Vendor Advisory)
- http://secunia.com/advisories/49562 (Vendor Advisory)
- https://fedorahosted.org/389/changeset/1bbbb3e5049c1aa0650546efab87ed2f1ea59637/ (Exploit, Patch)
- https://fedorahosted.org/389/ticket/162
FAQ
What is CVE-2012-0833?
CVE-2012-0833 is a vulnerability with a CVSS score of 2.3 (LOW). The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handle access control instructions (ACIs) that use certificate groups, ...
How severe is CVE-2012-0833?
CVE-2012-0833 has been rated LOW with a CVSS base score of 2.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-0833?
Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject 389 Directory Server.