Home page logo
/

oss-sec logo oss-sec mailing list archives

389-ds DoS due to improper handling of ger attr searches (CVE-2013-4485)
From: Vincent Danen <vdanen () redhat com>
Date: Thu, 21 Nov 2013 08:15:07 -0700

A flaw in how 389-ds-base and Red Hat Directory Server handled the
checking of access rights on entries using GER (Get Effective Rights), a
way to extend directory searches to also display what access rights a
user has to a specified entry.  When an attribute list is given in the
search request, and if there are several attributes whose names contain
the '@' character, 389-ds-base and Red Hat Directory Server would crash.
An attacker able to contact the server would be able to submit this type
of search request with no authentication required.

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4485


(Obviously no CVE is required, posting here as this was previously sent
to the distros@ mailing list)

--
Vincent Danen / Red Hat Security Response Team

  By Date           By Thread  

Current thread:
  • 389-ds DoS due to improper handling of ger attr searches (CVE-2013-4485) Vincent Danen (Nov 21)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]