CVE-2013-0312 : 389 Directory Server before 1.3.0.4 allows remote attackers to cause a denial of

389 Directory Server before 1.3.0.4 allows remote attackers to cause a denial of service (crash) via a zero length LDAP control sequence.

Published 2013-03-13 20:55:02

Updated 2013-03-19 04:00:00

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2013-0312

Fedoraproject » 389 Directory Server
Versions up to, including, (<=) 1.3.0.3
cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

3.29%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 91 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

http://rhn.redhat.com/errata/RHSA-2013-0628.html

RHSA-2013:0628 - Security Advisory - Red Hat Customer Portal
http://www.securityfocus.com/bid/58428

389 Directory Server CVE-2013-0312 Remote Denial of Service Vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=912964

912964 – (CVE-2013-0312) CVE-2013-0312 389-ds: unauthenticated denial of service vulnerability in handling of LDAPv3 control data
https://fedorahosted.org/389/ticket/571

Issue #571: server does not accept 0 length LDAP Control sequence - 389-ds-base - Pagure.io
http://directory.fedoraproject.org/wiki/Releases/1.3.0.4

Jump to