CVE-2014-0132

Published Mar 18, 2014

Last updated 3 months ago

CVSS info 6.5

Overview

Description: The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.5
Impact score: 6.4
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-287

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42CCF633-027C-40D6-8982-C149D557FD78",
            "versionEndIncluding": "1.2.11.25"
          },
          {
            "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CCBE4443-C736-4263-BC89-5A8F2ADD81E7"
          },
          {
            "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D64150B-1D48-4966-873C-029747495BB3"
          },
          {
            "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80F7CCAD-04B1-4BE1-BE61-791C5CA3984E"
          },
          {
            "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11943F1C-BD6D-4339-A381-5E4A33120383"
          },
          {
            "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1BAA555B-4F2B-408D-9A4C-1740AFC228DC"
          },
          {
            "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60E619C3-7E6D-4235-ACE5-67524CD38AA1"
          },
          {
            "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8ED48D0E-1C9A-4FB8-B54E-F1B121D68045"
          },
          {
            "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A7DFDE6-7C1F-4AB2-8719-50B44D25620F"
          },
          {
            "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F102D5BD-8B5F-47BF-A94C-923F0BEE943E"
          },
          {
            "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "912A37B4-1E3B-40AB-8B63-720F84365843"
          },
          {
            "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16C83007-E3C8-40D0-ADAE-E7EE87CCA464"
          },
          {
            "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "608BF64E-4204-4610-B23C-BC206E870F79"
          },
          {
            "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.19:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10315DCC-28D6-400C-92C1-C0AD5E3DDF53"
          },
          {
            "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8FE13693-1A6B-4A2A-AF64-F76FA0A3EBA9"
          },
          {
            "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.21:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83A5B6F2-DCD1-49D4-92FC-303A960542C6"
          },
          {
            "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "304EAF1A-3163-4184-B3FC-0B641BA1FC03"
          },
          {
            "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.23:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49F8893E-7087-4874-9D39-6238317CB6B0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References