39 matches found
CVE-2020-35518
CVE-2020-35518 affects 389-ds-base: information disclosure during DN binding that lets an unauthenticated attacker check whether an entry exists. Disclosures in MiracleLinux (AXSA:2021-1847/2281) show updates for 389-ds-base/1.3.10.2-12.el7 and 389-ds:1.4 modules are available; Ubuntu Red Hat and...
CVE-2022-2850
Summary: CVE-2022-2850 affects 389-ds-base where the Content Synchronization plugin, when enabled, allows an authenticated user to trigger a NULL pointer dereference and cause a denial of service. This entry is tied to an incomplete fix for CVE-2021-3514. What’s affected (from connected docs): 38...
CVE-2024-1062
CVE-2024-1062 is a heap overflow in 389-ds-base that can cause a denial of service when a value larger than 256 characters is written to the log_entry_attr field. The CVE is evaluated as a local, high-availability risk with a MEDIUM base score from CVSS 3.1 (AV:L, AC:L, PR:L, UI:N, S:U, C:N, I:N,...
CVE-2022-1949
CVE-2022-1949 is described in connected sources as an access control bypass in 389-ds-base LDAP server caused by mishandling of search filters. This weakness could allow any remote unauthenticated user to issue a filter that returns database items the caller should not access, potentially exposin...
CVE-2014-3562
The CVE-2014-3562 issue affects Red Hat Directory Server 8 and 389 Directory Server when debugging is enabled, where the server could disclose potentially sensitive replicated metadata during directory searches. Root cause: replication metadata is exposed in search results if debugging is enabled...
CVE-2023-1055
CVE-2023-1055 affects RHDS 11/12 and Red Hat Directory Server components (389-ds-base). The issue occurs when LDAP browsing entries decodes userPassword instead of userCertificate, leaking sensitive information. A local attacker with a cockpit-389-ds process can list processes and display hashed ...
CVE-2024-6237
The issue CVE-2024-6237 affects 389-ds-base (389 Directory Server) and can be exploited by an unauthenticated user sending a crafted extended search request to trigger a server crash/DoS. Publicly referenced advisories (Red Hat RHSA-2024:4997, OSV and OSV editions) indicate affected Red Hat-based...
CVE-2013-2219
The CVE affects Red Hat Directory Server and its open source equivalent, 389 Directory Server. The root cause is improper enforcement of access controls for attributes during search filter evaluation, enabling remote authenticated users to retrieve values of restricted attributes via a query. The...
CVE-2013-4485
The CVE-2013-4485 issue affects 389-ds-base (389 Directory Server) and is cited across multiple advisories linked to 389-ds-base 1.2.11.15, including MiracleLinux AXSA-2014-026/02 and AXSA-2014-109 references. The root cause is improper handling of GER (Get Effective Rights) search queries when t...
CVE-2010-3282
CVE-2010-3282 covers a local information disclosure in HP-UX Directory Server and Red Hat Directory Server for HP-UX where audit logging logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, enabling local users to read sensitive data from logs....
CVE-2012-2678
CVE-2012-2678 affects 389-ds-base (also Red Hat Directory Server) before version 1.2.11.6. Per the description, after an LDAP user’s password is changed and before the server is reset, an attacker could remotely read the plaintext password via the unhashed#user#password attribute. This vulnerabil...
CVE-2008-2930
CVE-2008-2930 affects Red Hat Directory Server (RHDS) 7.1 before SP7, RHDS 8, and Fedora Directory Server 1.1.1. The issue allows remote attackers to cause a denial of service (CPU consumption and search outage) via crafted LDAP search requests, exploiting a single-threaded regular-expression sub...
CVE-2011-0019
CVE-2011-0019 affects 389 Directory Server / Red Hat Directory Server (Directory Server 1.2.7.5 / 1.2.x) where slapd/ns-slapd mishandles simple paged result searches. The underlying issue is improper handling of Simple Paged Results, allowing remote attackers to trigger a denial-of-service (daemo...
CVE-2008-0893
CVE-2008-0893 affects Red Hat Directory Server Admin Server (redhat-ds-admin), used with Red Hat Directory Server 8.0 on RHEL4/RHEL5. The vulnerability stems from inadequate restriction of CGI script access, allowing an unauthenticated remote user to access CGI endpoints and perform administrativ...
CVE-2008-2929
The CVE-2008-2929 event concerns multiple XSS vulnerabilities in the adminutil library used by the Directory Server Administration Express and Directory Server Gateway web interfaces. Affected systems include Red Hat Directory Server 7.1 prior to SP7, 8 EL4/EL5, and Fedora Directory Server. The X...
CVE-2010-2222
The CVE-2010-2222 issue affects Red Hat Directory Server 8 and 389 Directory Server, arising from the _ger_parse_control function. The root cause is a code issue in this function that allows a crafted search query to trigger a denial of service via a NULL pointer dereference. Documented impact in...
CVE-2011-0532
In Red Hat Directory Server (389 Directory Server 1.2.x / Red Hat Directory Server 8.2.x), three scripts (backup/restore, main init, ldap-agent) place a zero-length entry in LD_LIBRARY_PATH, enabling local privilege escalation via a Trojan horse shared library in the attacker’s directory. This is...
CVE-2011-0022
CVE-2011-0022 involves Red Hat Directory Server 1.2.x where setup scripts for multiple unprivileged instances create /var/run/dirsrv with 0777 permissions. This permits a local user to interfere with PID files in that directory, causing a denial of service by replacing PID files or preventing pro...
CVE-2012-2746
CVE-2012-2746 affects 389-ds-base/Red Hat Directory Server prior to 1.2.11.6: when an LDAP user password is changed and audit logging is enabled, the new password is saved to logs in plain text, permitting remote authenticated users to read it. Affected version note appears in multiple advisories...
CVE-2008-1677
The CVE-2008-1677 issue affects Red Hat Directory Server 8.0 and 7.1 before Service Pack 6, where the regular expression handler can overflow a buffer during translation of a user-supplied LDAP search pattern. This denial-of-service vulnerability may allow an unauthenticated remote attacker to cr...
CVE-2008-0892
The CVE-2008-0892 issue affects the replication monitor CGI script (repl-monitor-cgi.pl) in the Red Hat Administration Server used with Red Hat Directory Server 8.0 on RHEL4/RHEL5, allowing remote command execution via the CGI interface. The root cause is a command-injection flaw in the replicati...
CVE-2008-2928
CVE-2008-2928 affects Red Hat Directory Server 7.1 with Service Pack 7. A buffer overflow in the adminutil CGI components can be triggered by a crafted Accept-Language HTTP header, allowing remote attackers to crash the daemon or possibly execute arbitrary code. Connected advisory RHSA-2008:0596 ...
CVE-2008-3283
CVE-2008-3283 affects Red Hat Directory Server 7.1 (before SP7), Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier. The vulnerability is due to memory leaks that can be exploited remotely to cause a denial of service via the authentication/bind phase and via anonymous LDAP...
CVE-2010-2241
CVE-2010-2241 affects Red Hat Directory Server up to version 8.1.x (before 8.2). The vulnerable component comprises the setup-ds.pl and setup-ds-admin.pl setup scripts, which create cache files with world-readable permissions. This underprivileged exposure allows a local user to obtain sensitive ...
CVE-2008-0890
CVE-2008-0890 affects Red Hat Directory Server 7.1 prior to SP4. The issue is insecure permissions on certain directories that allow a local user to replace Java ARchive (JAR) files and execute arbitrary code with the server’s privileges. The official Red Hat advisory RHSA-2008:0173 documents the...
CVE-2008-0889
Affected product/versions: Red Hat Directory Server 8.0 running on Red Hat Enterprise Linux. Vulnerable component: the startup script for the redhat-idm-console. Root cause: insecure permissions on the redhat-idm-console script allow local users to modify it and execute arbitrary code. Impact: lo...
CVE-2026-9064
The CVE-2026-9064 issue affects the 389-ds-base LDAP server. The get_ldapmessage_controls_ext() function does not bound the number of LDAP message controls, allowing a remote, unauthenticated attacker to send requests with hundreds of thousands of minimal controls within the default BER size (2 M...
CVE-2026-11790
The CVE-2026-11790 entry describes a vulnerability in 389 Directory Server’s PBKDF2-SHA256 password storage plugin where there is no upper bound on the iteration count extracted from stored password hashes. A privileged attacker who can modify a user’s password hash can trigger excessive CPU usag...
CVE-2026-11787
The CVE-2026-11787 entry concerns 389 Directory Server (389-ds-base). A heap buffer over-read occurs in the ldap_utf8prev() function when reading bytes before the start of a buffer during string filter parsing (via str2simple), which may influence internal filter processing behavior. Documented i...
CVE-2026-11789
Affected software : 389 Directory Server (389-ds-base). Vulnerable component : SMD5 password storage plugin. Root cause : unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read and LDAP server crash during authenticatio...
CVE-2026-11786
CVE-2026-11786 affects the 389 Directory Server (389-ds-base). The issue is a heap-out-of-bounds read in the LDIF parser when processing attribute types with trailing semicolons during database import, traced to ldif parser function str2entry_state_information_from_type(). Consequences are descri...
CVE-2026-12528
Affected software/component: 389 Directory Server, in function __aclp__normalize_acltxt() of aclparse.c. Issue: malformed ACI strings can trigger heap-buffer-overflow writes and reads during ACI parsing; the keyword length after whitespace stripping is not validated, causing 1-byte out-of-bounds ...
CVE-2026-11611
CVE-2026-11611 concerns the Content Synchronization persistent search plugin in 389 Directory Server. The flaw enables denial of service via unbounded memory growth when an authenticated client stops reading sync responses, and there are additional race conditions in the plugin thread lifecycle t...
CVE-2026-11788
The vulnerability CVE-2026-11788 affects 389 Directory Server (389-ds-base) in the dereference control plugin BER parser. The root cause is that the plugin does not check for BER allocation failures before using structures, enabling a null pointer/dereference scenario that can crash the LDAP serv...
CVE-2026-11785
The CVE-2026-11785 entry concerns 389 Directory Server (389-ds-base) with a type confusion in the SSO token extended operation handler. This flaw allows a partial leak of stack address information via LDAP responses to authenticated users, arising from ber_printf type confusion in the SSO token h...
CVE-2026-11791
The CVE-2026-11791 entry concerns 389 Directory Server (389-ds-base), where during schema reload the attr_syntax_swap_ht() function unconditionally frees attribute syntax information nodes, bypassing refcount-based deferred deletion. This can lead to use-after-free or double-free when LDAP query ...
CVE-2026-15041
The CVE describes a flaw in 389 Directory Server (389-ds-base): non-constant-time comparison in the PBKDF2-SHA256 password verification uses standard memcmp() instead of a constant-time function. This could allow a remote attacker to leverage timing measurements of LDAP bind attempts to infer par...
CVE-2026-14940
Affected software/component: 389 Directory Server (389-ds-base). Vulnerability: heap-buffer-overflow in DN normalization when processing a legacy-quoted value encoding a multivalued nested RDN, causing writes past the end of a heap allocation. Attack scenario: an unauthenticated remote attacker c...
CVE-2026-14969
The CVE-2026-14969 entry concerns 389-ds-base. The LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC, enabling a privileged attacker with filesystem access to detect plaintext equality across encrypted entries by ciphertext block comparison. ...