CVE-2012-0833 — Infinite Loop in 389 Directory Server

CWE-2647 documents7 sources

Severity

2.3LOWNVD

EPSS

0.2%

top 56.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fedoraproject 389 Directory Server

Timeline

PublishedJul 3

Latest updateMay 17

Description

The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handled access control instructions (ACIs) that use certificate groups, which allows remote authenticated LDAP users with a certificate group to cause a denial of service (infinite loop and CPU consumption) by binding to the server.

CVSS vector

AV:A/AC:M/C:N/I:N/A:PExploitability: 4.4 | Impact: 2.9

Affected Packages1 packages

▶NVDfedoraproject/389_directory_server1.2.10+14

Patches

Patch: fedorahosted.org ↗Patch: fedorahosted.org ↗

🔴Vulnerability Details

GHSA

GHSA-29ch-37gp-6r87: The acllas__handle_group_entry function in servers/plugins/acl/acllas↗2022-05-17

▶

CVEList

CVE-2012-0833: The acllas__handle_group_entry function in servers/plugins/acl/acllas↗2012-07-03

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows 8.1/2012 R2 - SMBv3 Null Pointer Dereference Denial of Service↗2018-02-27

▶

📋Vendor Advisories

Red Hat

389: denial of service when using certificate groups↗2012-01-05

▶

Debian

CVE-2012-0833: 389-ds-base - The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 D...↗2012

▶

💬Community

Bugzilla

CVE-2012-0833 389: denial of service when using certificate groups↗2012-02-02

▶