Bug 1167858 (CVE-2014-8105)
Summary: | CVE-2014-8105 389-ds-base: information disclosure through 'cn=changelog' subtree | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vasyl Kaigorodov <vkaigoro> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | gparente, jrusnack, lkrispen, mkosek, mreynolds, nhosoi, nkinder, pspacek, security-response-team, sramling, ssorce |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
An information disclosure flaw was found in the way the 389 Directory Server stored information in the Changelog that is exposed via the 'cn=changelog' LDAP sub-tree. An unauthenticated user could in certain cases use this flaw to read data from the Changelog, which could include sensitive information such as plain-text passwords.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2015-03-05 20:10:54 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1167877, 1167878, 1168150, 1168151, 1180629, 1199675 | ||
Bug Blocks: | 1168154 |
Description
Vasyl Kaigorodov
2014-11-25 14:18:13 UTC
Acknowledgement: This issue was discovered by Petr Špaček of the Red Hat Identity Management Engineering Team. This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:0416 https://rhn.redhat.com/errata/RHSA-2015-0416.html This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2015:0628 https://rhn.redhat.com/errata/RHSA-2015-0628.html Created 389-ds-base tracking bugs for this issue: Affects: fedora-all [bug 1199675] |