CVE-2011-0022

CWE-3998 documents6 sources

Severity

4.7MEDIUM

EPSS

0.0%

top 89.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fedoraproject 389 Directory Server Redhat Directory Server

Timeline

PublishedFeb 23

Latest updateMay 4

Description

The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary process termination) by replacing PID files contained in this directory.

CVSS vector

AV:L/AC:M/C:N/I:N/A:CExploitability: 3.4 | Impact: 6.9

Affected Packages2 packages

▶NVDredhat/directory_server8.2, 8.2.3+1

▶NVDfedoraproject/389_directory_server9 versions+8

🔴Vulnerability Details

GHSA

Denial of Service in Apache Tomcat↗2022-05-04

▶

GHSA

GHSA-89f5-968h-h37p: The setup scripts in 389 Directory Server 1↗2022-05-03

▶

CVEList

CVE-2011-0022: The setup scripts in 389 Directory Server 1↗2011-02-23

▶

📋Vendor Advisories

Red Hat

tomcat: large number of parameters DoS↗2012-01-17

▶

Red Hat

Server: insecure pid file directory permissions↗2011-02-22

▶

💬Community

Bugzilla

CVE-2011-4295 CVE-2011-4296 moodle: multiple flaws in 2.x < 2.0.4 (MSA-11-0021, MSA-11-0022)↗2011-08-11

▶

Bugzilla

CVE-2011-0022 Directory Server: insecure pid file directory permissions↗2011-01-20

▶