CVE-2012-4450 — 389 Directory Server vulnerability

CWE-26410 documents8 sources

Severity

6.0MEDIUMNVD

EPSS

0.4%

top 40.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Port389 389-ds-base Fedoraproject 389 Directory Server

Timeline

PublishedOct 1

Latest updateMay 17

Description

389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages2 packages

▶NVDfedoraproject/389_directory_server1.2.10

▶Debianport389/389-ds-base< 1.2.11.15-1+2

Patches

Patch: git.fedorahosted.org ↗Patch: git.fedorahosted.org ↗

🔴Vulnerability Details

GHSA

GHSA-hxpc-5pf5-9xxg: 389 Directory Server 1↗2022-05-17

▶

OSV

CVE-2012-4450: 389 Directory Server 1↗2012-10-01

▶

CVEList

CVE-2012-4450: 389 Directory Server 1↗2012-10-01

▶

💥Exploits & PoCs

Exploit-DB

AirTies-4450 - Unauthorized Remote Reboot (Denial of Service)↗2012-01-08

▶

📋Vendor Advisories

Red Hat

389-ds-base: Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in ACL (ACL rules bypass possible)↗2012-04-16

▶

Debian

CVE-2012-4450: 389-ds-base - 389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is ...↗2012

▶

💬Community

Bugzilla

CVE-2012-4450 389-ds-base: Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in ACL (ACL rules bypass possible)↗2012-09-26

▶

Bugzilla

CVE-2012-4450 389-ds-base: Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in ACL (ACL rules bypass possible) [epel-5]↗2012-09-26

▶

Bugzilla

CVE-2012-4450 389-ds-base: Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in ACL (ACL rules bypass possible) [fedora-all]↗2012-09-26

▶