CVE-2014-0132

389 Directory Server <1.2.11.26 - Privilege Escalation

Title source: llm

Description

The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind.

References (5)

Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0292.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/57427
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/57412
Patch x_refsource_confirm
https://fedorahosted.org/389/ticket/47739

Scores

EPSS 0.0219
EPSS Percentile 80.2%

Details

CWE CWE-287
Status published
Products (18)
fedoraproject/389_directory_server 1.2.11.1
fedoraproject/389_directory_server 1.2.11.5
fedoraproject/389_directory_server 1.2.11.6
fedoraproject/389_directory_server 1.2.11.8
fedoraproject/389_directory_server 1.2.11.9
fedoraproject/389_directory_server 1.2.11.10
fedoraproject/389_directory_server 1.2.11.11
fedoraproject/389_directory_server 1.2.11.12
fedoraproject/389_directory_server 1.2.11.13
fedoraproject/389_directory_server 1.2.11.14
... and 8 more
Published Mar 18, 2014
Tracked Since Feb 18, 2026