CVE-2014-8105

Published: 10 March 2015

389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.

Priority

Medium

Status

Package: 389-ds-base
Upstream: Released (1.3.3.5-4)
Ubuntu 18.04 LTS (Bionic Beaver): Not vulnerable
Ubuntu 16.04 LTS (Xenial Xerus): Not vulnerable
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was needed)
Patches:
Other: https://pagure.io/389-ds-base/c/29652118e2ae17ca98c1934af5109f1ac87d94ae

Package: freeipa
Upstream: Needs triage
Ubuntu 18.04 LTS (Bionic Beaver): Not vulnerable
Ubuntu 16.04 LTS (Xenial Xerus): Not vulnerable
Ubuntu 14.04 ESM (Trusty Tahr): Not vulnerable

Notes

tyhicks: The Red Hat bug says that FreeIPA versions 4.0+ are affected but it isn't clear to me if it is a bug in freeipa or 389-ds-base

sbeattie: further investigation doesn't show any changes made to freeipa for this issue.
