CVE-2013-0336

The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (crash) via a connection request without a username/dn, related to the 389 directory server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
VendorProductVersion
redhatfreeipa
𝑥
≤ 3.1.5
redhatfreeipa
3.0.0
redhatfreeipa
3.0.1
redhatfreeipa
3.0.2
redhatfreeipa
3.1.1
redhatfreeipa
3.1.2
redhatfreeipa
3.1.3
redhatfreeipa
3.1.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
389-ds-base
bullseye
1.4.4.11-2
fixed
bookworm
2.3.1+dfsg1-1
fixed
sid
3.1.1+dfsg1-2
fixed
trixie
3.1.1+dfsg1-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
389-ds-base
trusty
dne
saucy
ignored
raring
ignored
quantal
not-affected
precise
not-affected
oneiric
dne
lucid
dne
hardy
dne
freeipa
trusty
not-affected
saucy
ignored
raring
ignored
quantal
not-affected
precise
not-affected
oneiric
dne
lucid
dne
hardy
dne
Common Weakness Enumeration
References
http://secunia.com/advisories/52763
http://www.securityfocus.com/bid/58747
https://bugzilla.redhat.com/show_bug.cgi?id=913751
https://exchange.xforce.ibmcloud.com/vulnerabilities/83132
https://fedorahosted.org/freeipa/ticket/3539
https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=7b45e33400355df44e75576ef7f70a39d163bf8e
http://secunia.com/advisories/52763
http://www.securityfocus.com/bid/58747
https://bugzilla.redhat.com/show_bug.cgi?id=913751
https://exchange.xforce.ibmcloud.com/vulnerabilities/83132
https://fedorahosted.org/freeipa/ticket/3539
https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=7b45e33400355df44e75576ef7f70a39d163bf8e