Bug 1209573 (CVE-2015-1854)
Summary: | CVE-2015-1854 389-ds-base: access control bypass with modrdn | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vasyl Kaigorodov <vkaigoro> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | Viktor Ashirov <vashirov> |
Severity: | high | Docs Contact: | |
Priority: | high | | |
Version: | unspecified | CC: | bressers, jrusnack, mreynolds, nhosoi, nkinder, security-response-team, ssorce, tbordaz, twalsh, vashirov |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | A flaw was found in the way Red Hat Directory Server performed authorization of modrdn operations. An unauthenticated attacker able to issue an ldapmodrdn call to the directory server could use this flaw to perform unauthorized modifications of entries in the directory server. | | |
Last Closed: | 2015-04-28 18:31:07 UTC | Type: | --- |
Bug Depends On: | 1212894, 1212895, 1216203 | Bug Blocks: | 1209577 |
Description
Vasyl Kaigorodov
2015-04-07 16:48:51 UTC
Statement: This issue does not affect the version of 389-ds-base package as shipped with Red Hat Enterprise Linux 6.

I think Noriko is better suited to answer questions about embargo lifting.

This issue has been addressed in the following products:

Red Hat Enterprise Linux 7

Via RHSA-2015:0895 https://rhn.redhat.com/errata/RHSA-2015-0895.html

Created 389-ds-base tracking bugs for this issue:

Affects: fedora-all [bug 1216203]