CVE-2012-4450

389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
VendorProductVersion
fedoraproject389_directory_server
1.2.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
389-ds-base
bullseye
1.4.4.11-2
fixed
bookworm
2.3.1+dfsg1-1
fixed
sid
3.1.1+dfsg1-2
fixed
trixie
3.1.1+dfsg1-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
389-ds-base
zesty
not-affected
yakkety
not-affected
xenial
not-affected
wily
not-affected
vivid
not-affected
utopic
not-affected
trusty
dne
saucy
not-affected
raring
not-affected
quantal
ignored
precise
ignored
oneiric
dne
natty
dne
lucid
dne
hardy
dne
Common Weakness Enumeration
References
http://git.fedorahosted.org/cgit/389/ds.git/commit/?id=5beb93d42efb807838c09c5fab898876876f8d09
http://rhn.redhat.com/errata/RHSA-2013-0503.html
http://secunia.com/advisories/50713
http://www.openwall.com/lists/oss-security/2012/09/26/3
http://www.openwall.com/lists/oss-security/2012/09/26/5
http://www.securityfocus.com/bid/55690
https://bugzilla.redhat.com/show_bug.cgi?id=860772
https://fedorahosted.org/389/ticket/340
http://git.fedorahosted.org/cgit/389/ds.git/commit/?id=5beb93d42efb807838c09c5fab898876876f8d09
http://rhn.redhat.com/errata/RHSA-2013-0503.html
http://secunia.com/advisories/50713
http://www.openwall.com/lists/oss-security/2012/09/26/3
http://www.openwall.com/lists/oss-security/2012/09/26/5
http://www.securityfocus.com/bid/55690
https://bugzilla.redhat.com/show_bug.cgi?id=860772
https://fedorahosted.org/389/ticket/340