CVE-2014-0132 — Improper Authentication in 389 Directory Server

CWE-287 — Improper Authentication CWE-290 — Authentication Bypass by Spoofing9 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

0.6%

top 31.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Port389 389-ds-base Fedoraproject 389 Directory Server

Timeline

PublishedMar 18

Latest updateMay 17

Description

The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages2 packages

▶NVDfedoraproject/389_directory_server1.2.11.25+17

▶Debianport389/389-ds-base< 1.3.2.9-1.1+2

Patches

Patch: fedorahosted.org ↗Patch: fedorahosted.org ↗

🔴Vulnerability Details

GHSA

GHSA-3483-6grv-x2wh: The SASL authentication functionality in 389 Directory Server before 1↗2022-05-17

▶

OSV

CVE-2014-0132: The SASL authentication functionality in 389 Directory Server before 1↗2014-03-18

▶

CVEList

CVE-2014-0132: The SASL authentication functionality in 389 Directory Server before 1↗2014-03-18

▶

📋Vendor Advisories

Red Hat

389-ds: flaw in parsing authzid can lead to privilege escalation↗2014-03-13

▶

Debian

CVE-2014-0132: 389-ds-base - The SASL authentication functionality in 389 Directory Server before 1.2.11.26 a...↗2014

▶

💬Community

Bugzilla

CVE-2014-0132 389-ds-base: 389-ds: flaw in parsing authzid can lead to privilege escalation [fedora-all]↗2014-03-13

▶

Bugzilla

CVE-2014-0132 389-ds-base: 389-ds: flaw in parsing authzid can lead to privilege escalation [epel-5]↗2014-03-13

▶

Bugzilla

CVE-2014-0132 389-ds: flaw in parsing authzid can lead to privilege escalation↗2014-03-11

▶