The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handled access control instructions (ACIs) that use certificate groups, which allows remote authenticated LDAP users with a certificate group to cause a denial of service (infinite loop and CPU consumption) by binding to the server.
References
Link | Resource |
---|---|
http://rhn.redhat.com/errata/RHSA-2012-0813.html | |
http://secunia.com/advisories/48035 | Vendor Advisory |
http://secunia.com/advisories/49562 | Vendor Advisory |
https://fedorahosted.org/389/changeset/1bbbb3e5049c1aa0650546efab87ed2f1ea59637/389-ds-base | Exploit Patch |
https://fedorahosted.org/389/ticket/162 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2012-07-03T16:00:00Z
Updated: 2012-07-03T16:00:00Z
Reserved: 2012-01-19T00:00:00Z
Link: CVE-2012-0833
JSON object: View
NVD Information
Status : Analyzed
Published: 2012-07-03T16:40:31.583
Modified: 2012-07-17T04:00:00.000
Link: CVE-2012-0833
JSON object: View
Redhat Information
No data.
CWE