A flaw was reported [1] in how the 389 Directory Server handled SASL-based authentication, in particular when the authzid parameter is specified. A flaw in the SASL mechanism handling allowed a user who could legitimately authenticate to the Directory Server, to use the directory as any other user they wished. This could allow an unprivileged directory user to effectively elevate privileges to the Directory Manager. This could allow a user to modify configuration values, as well as read and write any data the directory holds. A patch to correct this flaw is available in git [2]. [1] https://fedorahosted.org/389/ticket/47739 [2] https://fedorahosted.org/389/changeset/76acff12a86110d4165f94e2cba13ef5c7ebc38a/
Created 389-ds-base tracking bugs for this issue: Affects: fedora-all [bug 1076117] Affects: epel-5 [bug 1076118]
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2014:0292 https://rhn.redhat.com/errata/RHSA-2014-0292.html
This has been corrected in EPEL5 via 389-ds-base-1.2.11.28-1.el5, in Fedora 20 via 389-ds-base-1.3.2.16-1.fc20 and in Fedora 19 via 389-ds-base-1.3.1.22-1.fc19.