CVE-2015-1854

389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
Affected Products (NVD)
VendorProductVersion
fedoraproject389_directory_server
𝑥
≤ 1.3.3.9
debiandebian_linux
8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
389-ds-base
bookworm
2.3.1+dfsg1-1
fixed
bullseye
1.4.4.11-2
fixed
sid
3.1.1+dfsg1-2
fixed
trixie
3.1.1+dfsg1-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
389-ds-base
artful
not-affected
bionic
not-affected
lucid
dne
precise
ignored
trusty
dne
utopic
ignored
vivid
ignored
wily
ignored
xenial
not-affected
yakkety
not-affected
zesty
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
389-ds
suse enterprise sap 15
1.4.0.3-2.39
fixed
suse enterprise sap 15 SP1
1.4.0.3-2.39
fixed
suse enterprise server 15
1.4.0.3-2.39
fixed
suse enterprise server 15 SP1
1.4.0.3-2.39
fixed
389-ds-devel
suse enterprise sap 15
1.4.0.3-2.39
fixed
suse enterprise sap 15 SP1
1.4.0.3-2.39
fixed
suse enterprise server 15
1.4.0.3-2.39
fixed
suse enterprise server 15 SP1
1.4.0.3-2.39
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
389-ds-base
RHEL 7
0:1.3.3.1-16.el7_1
fixed
389-ds-base-devel
RHEL 7
0:1.3.3.1-16.el7_1
fixed
389-ds-base-libs
RHEL 7
0:1.3.3.1-16.el7_1
fixed
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157069.html
http://www.securityfocus.com/bid/74392
https://access.redhat.com/errata/RHSA-2015:0895
https://bugzilla.redhat.com/show_bug.cgi?id=1209573
https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157069.html
http://www.securityfocus.com/bid/74392
https://access.redhat.com/errata/RHSA-2015:0895
https://bugzilla.redhat.com/show_bug.cgi?id=1209573
https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html