Vulnerability Details CVE-2012-4450
389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.4%
CVSS Severity
CVSS v2 Score 6.0
References
- http://git.fedorahosted.org/cgit/389/ds.git/commit/?id=5beb93d42efb807838c09c5fab898876876f8d09
- http://rhn.redhat.com/errata/RHSA-2013-0503.html
- http://secunia.com/advisories/50713
- http://www.openwall.com/lists/oss-security/2012/09/26/3
- http://www.openwall.com/lists/oss-security/2012/09/26/5
- http://www.securityfocus.com/bid/55690
- https://bugzilla.redhat.com/show_bug.cgi?id=860772
- https://fedorahosted.org/389/ticket/340
- http://git.fedorahosted.org/cgit/389/ds.git/commit/?id=5beb93d42efb807838c09c5fab898876876f8d09
- http://rhn.redhat.com/errata/RHSA-2013-0503.html
- http://secunia.com/advisories/50713
- http://www.openwall.com/lists/oss-security/2012/09/26/3
- http://www.openwall.com/lists/oss-security/2012/09/26/5
- http://www.securityfocus.com/bid/55690
- https://bugzilla.redhat.com/show_bug.cgi?id=860772
- https://fedorahosted.org/389/ticket/340
Products affected by CVE-2012-4450
-
cpe:2.3:a:fedoraproject:389_directory_server:1.2.10