CVE-2014-0132
published 2014-03-18CVE-2014-0132: The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain…
medium6.5CVSS 3.1
AVNACLAuSCPIPAP
The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | 389-ds-base | < 389-ds-base 1.3.2.9-1.1 (bookworm) | 389-ds-base 1.3.2.9-1.1 (bookworm) |
| fedoraproject | 389_directory_server | <= 1.2.11.25 | — |
| fedoraproject | 389_directory_server | — | — |
| fedoraproject | 389_directory_server | — | — |
| fedoraproject | 389_directory_server | — | — |
| fedoraproject | 389_directory_server | — | — |
| fedoraproject | 389_directory_server | — | — |
| fedoraproject | 389_directory_server | — | — |
| fedoraproject | 389_directory_server | — | — |
| fedoraproject | 389_directory_server | — | — |
| fedoraproject | 389_directory_server | — | — |
| fedoraproject | 389_directory_server | — | — |
| fedoraproject | 389_directory_server | — | — |
| fedoraproject | 389_directory_server | — | — |
| fedoraproject | 389_directory_server | — | — |
| fedoraproject | 389_directory_server | — | — |
| fedoraproject | 389_directory_server | — | — |
| fedoraproject | 389_directory_server | — | — |
| fedoraproject | 389_directory_server | — | — |
| port389 | 389-ds-base | >= 0 < 1.3.2.9-1.1 | 1.3.2.9-1.1 |
| port389 | 389-ds-base | >= 0 < 1.3.2.9-1.1 | 1.3.2.9-1.1 |
| port389 | 389-ds-base | >= 0 < 1.3.2.9-1.1 | 1.3.2.9-1.1 |
CVSS provenance
nvd6.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
osv6.5MEDIUM