Lucene search
HistoryMar 18, 2014 - 5:02 p.m.
CVE-2014-0132
389 directory server
remote authentication
vulnerability
cve-2014-0132
nvd
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
6.5 Medium
AI Score
Confidence
Low
0.006 Low
EPSS
Percentile
77.9%
The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind.
Affected configurations
Node
fedoraproject389_directory_serverRangeβ€1.2.11.25
ORfedoraproject389_directory_serverMatch1.2.11.1
ORfedoraproject389_directory_serverMatch1.2.11.5
ORfedoraproject389_directory_serverMatch1.2.11.6
ORfedoraproject389_directory_serverMatch1.2.11.8
ORfedoraproject389_directory_serverMatch1.2.11.9
ORfedoraproject389_directory_serverMatch1.2.11.10
ORfedoraproject389_directory_serverMatch1.2.11.11
ORfedoraproject389_directory_serverMatch1.2.11.12
ORfedoraproject389_directory_serverMatch1.2.11.13
ORfedoraproject389_directory_serverMatch1.2.11.14
ORfedoraproject389_directory_serverMatch1.2.11.15
ORfedoraproject389_directory_serverMatch1.2.11.17
ORfedoraproject389_directory_serverMatch1.2.11.19
ORfedoraproject389_directory_serverMatch1.2.11.20
ORfedoraproject389_directory_serverMatch1.2.11.21
ORfedoraproject389_directory_serverMatch1.2.11.22
ORfedoraproject389_directory_serverMatch1.2.11.23
Related
fedora
fedora
[SECURITY] Fedora 20 Update: 389-ds-base-1.3.2.16-1.fc20
2014-03-15 15:15:44
[SECURITY] Fedora 19 Update: 389-ds-base-1.3.1.22-1.fc19
2014-03-15 15:23:08
nvd
nvd
CVE-2014-0132
2014-03-18 17:02:53
amazon
amazon
Important: 389-ds-base
2014-03-24 23:34:00
nessus
nessus
RHEL 6 : 389-ds-base (RHSA-2014:0292)
2014-03-14 00:00:00
Oracle Linux 6 : 389-ds-base (ELSA-2014-0292)
2014-03-14 00:00:00
ubuntucve
ubuntucve
CVE-2014-0132
2014-03-18 00:00:00
redhat
redhat
(RHSA-2014:0292) Important: 389-ds-base security update
2014-03-13 00:00:00
debiancve
debiancve
CVE-2014-0132
2014-03-18 17:02:53
seebug
seebug
389 Directory Server SASL/GSSAPIιͺθ―η»θΏζΌζ΄
2014-03-18 00:00:00
cvelist
cvelist
CVE-2014-0132
2014-03-18 14:00:00
mageia
mageia
Updated 389-ds-base package fixes security vulnerability
2014-03-31 23:44:51
openvas
openvas
RedHat Update for 389-ds-base RHSA-2014:0292-01
2014-03-17 00:00:00
CentOS Update for 389-ds-base CESA-2014:0292 centos6
2014-03-17 00:00:00
Fedora Update for 389-ds-base FEDORA-2014-3904
2014-03-17 00:00:00
oraclelinux
oraclelinux
389-ds-base security update
2014-03-13 00:00:00
veracode
veracode
Privilege Escalation
2019-01-15 08:58:29
prion
prion
Authentication flaw
2014-03-18 17:02:00
centos
centos
389 security update
2014-03-13 21:39:06
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
6.5 Medium
AI Score
Confidence
Low
0.006 Low
EPSS
Percentile
77.9%
Related for CVE-2014-0132