CVE-2012-4450

Published: 01 October 2012

389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry.

Priority

Medium

Status

Package Release Status
389-ds-base
Launchpad, Ubuntu, Debian
Upstream
Released (1.2.11.16)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(1.3.0.3-1ubuntu1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [1.3.0.3-1ubuntu1])
Patches:
Upstream: http://git.fedorahosted.org/cgit/389/ds.git/commit/?id=5beb93d42efb807838c09c5fab898876876f8d09