389 Directory Server@1.2.5 Security Vulnerabilities and Issues — 389 Directory Server@1.2.5 CVE List

Lucene search

Fedoraproject389 Directory Server1.2.5

9 matches found

CVE•added 2014/08/21 2:55 p.m.•87 views

CVE-2014-3562

Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.

5CVSS6.2AI score0.00307EPSS

CVE•added 2012/07/03 4:40 p.m.•60 views

CVE-2012-0833

The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handled access control instructions (ACIs) that use certificate groups, which allows remote authenticated LDAP users with a certificate group to cause a denial of service ...

2.3CVSS6.1AI score0.00244EPSS

CVE•added 2012/07/03 4:40 p.m.•56 views

CVE-2012-2678

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute.

1.2CVSS6.6AI score0.00238EPSS

CVE•added 2013/05/13 11:55 p.m.•53 views

CVE-2013-1897

The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE search scope is used, which allows remote a...

2.6CVSS5.8AI score0.0041EPSS

CVE•added 2011/02/23 7:0 p.m.•47 views

CVE-2011-0532

The (1) backup and restore scripts, (2) main initialization script, and (3) ldap-agent script in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x) place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library i...

6.2CVSS6.6AI score0.00047EPSS

CVE•added 2012/07/03 4:40 p.m.•47 views

CVE-2012-2746

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password.

2.1CVSS6.2AI score0.00509EPSS

CVE•added 2011/02/23 7:0 p.m.•45 views

CVE-2010-4746

Multiple memory leaks in the normalization functionality in 389 Directory Server before 1.2.7.5 allow remote attackers to cause a denial of service (memory consumption) via "badly behaved applications," related to (1) Slapi_Attr mishandling in the DN normalization code and (2) pointer mishandling i...

5CVSS6.8AI score0.0073EPSS

CVE•added 2011/02/23 7:0 p.m.•44 views

CVE-2011-0022

The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary process termination) b...

4.7CVSS6.7AI score0.00036EPSS

CVE•added 2011/02/23 7:0 p.m.•44 views

CVE-2011-1067

slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not properly manage the c_timelimit field of the connection table element, which allows remote attackers to cause a denial of service (daemon outage) via Simple Paged Results connections, as demonstrated by using multiple processes t...

5CVSS6.5AI score0.0073EPSS