389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.
References
Link | Resource |
---|---|
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157069.html | Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/74392 | Third Party Advisory VDB Entry |
https://access.redhat.com/errata/RHSA-2015:0895 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1209573 | Issue Tracking Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html | Mailing List Third Party Advisory |
Configurations
History
13 Feb 2023, 00:47
Type | Values Removed | Values Added |
---|---|---|
Summary | 389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call. | |
References |
|
02 Feb 2023, 20:20
Type | Values Removed | Values Added |
---|---|---|
Summary | A flaw was found in the way Red Hat Directory Server performed authorization of modrdn operations. An unauthenticated attacker able to issue an ldapmodrdn call to the directory server could use this flaw to perform unauthorized modifications of entries in the directory server. | |
References |
|
Information
Published : 2017-09-19 15:29
Updated : 2023-12-10 12:15
NVD link : CVE-2015-1854
Mitre link : CVE-2015-1854
CVE.ORG link : CVE-2015-1854
JSON object : View
Products Affected
debian
- debian_linux
fedoraproject
- 389_directory_server
- fedora
CWE
CWE-284
Improper Access Control