Vulnerability Details : CVE-2012-4450
389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry.
Products affected by CVE-2012-4450
- cpe:2.3:a:fedoraproject:389_directory_server:1.2.10:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-4450
- Probability of exploitation activity in the next 30 days: 0.43%
- Percentile, the proportion of vulnerabilities that are scored at or less: ~71%
CVSS scores for CVE-2012-4450
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.0 | MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P | 6.8 | 6.4 | NIST | |
CWE ids for CVE-2012-4450
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-4450
- http://git.fedorahosted.org/cgit/389/ds.git/commit/?id=5beb93d42efb807838c09c5fab898876876f8d09
  Overview - 389-ds-base - Pagure.io (Patch; Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2013-0503.html
  RHSA-2013:0503 - Security Advisory - Red Hat Customer Portal
- http://www.securityfocus.com/bid/55690
  389 Directory Server Access Bypass Vulnerability
- http://www.openwall.com/lists/oss-security/2012/09/26/5
  oss-security - Re: CVE Request -- 389-ds-base: Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in ACL (ACL rules bypass possible)
- https://bugzilla.redhat.com/show_bug.cgi?id=860772
  860772 – Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in acl
- http://www.openwall.com/lists/oss-security/2012/09/26/3
  oss-security - CVE Request -- 389-ds-base: Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in ACL (ACL rules bypass possible)
- https://fedorahosted.org/389/ticket/340
  Issue #340: Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in acl - 389-ds-base - Pagure.io