CVE-2011-0022
First published: Thu Jan 20 2011(Updated: )
It was discovered that 389 / Red Hat Directory Server's setup scripts set insecure permissions (0777) on the /var/run/dirsrv directory used to store Directory Server's pid files when multiple Directory Server instances were configured on the system to be run under the different unprivileged users. A local user could use this flaw to create, remove or replace pid files in this directory, possibly preventing correct start of the Directory Server instances, or causing Directory Server init script to kill arbitrary process during the Directory Server shutdown.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fedoraproject 389 Directory Server | =1.2.5-rc4 | |
| Fedoraproject 389 Directory Server | =1.2.3 | |
| Fedoraproject 389 Directory Server | =1.2.5-rc1 | |
| Fedoraproject 389 Directory Server | =1.2.6-rc3 | |
| Fedoraproject 389 Directory Server | =1.2.6-a3 | |
| Fedoraproject 389 Directory Server | =1.2.6-rc1 | |
| Fedoraproject 389 Directory Server | =1.2.7.5 | |
| Fedoraproject 389 Directory Server | =1.2.1 | |
| Fedoraproject 389 Directory Server | =1.2.2 | |
| Fedoraproject 389 Directory Server | =1.2.5 | |
| Fedoraproject 389 Directory Server | =1.2.8-alpha2 | |
| Fedoraproject 389 Directory Server | =1.2.6-rc6 | |
| Fedoraproject 389 Directory Server | =1.2.6.1 | |
| Fedoraproject 389 Directory Server | =1.2.5-rc3 | |
| Fedoraproject 389 Directory Server | =1.2.6-a4 | |
| Fedoraproject 389 Directory Server | =1.2.5-rc2 | |
| Fedoraproject 389 Directory Server | =1.2.8-alpha1 | |
| Fedoraproject 389 Directory Server | =1.2.6-rc2 | |
| Fedoraproject 389 Directory Server | =1.2.6-a2 | |
| Fedoraproject 389 Directory Server | =1.2.6 | |
| Fedoraproject 389 Directory Server | =1.2.6-rc7 | |
| Fedoraproject 389 Directory Server | =1.2.7-alpha3 | |
| Redhat Directory Server | =8.2 | |
| Redhat Directory Server | =8.2.3 | |
| redhat/redhat-ds-admin | <0:8.2.1-1.el5d | 0:8.2.1-1.el5d |
| redhat/redhat-ds-base | <0:8.2.4-1.el5d | 0:8.2.4-1.el5d |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=671199
- http://www.redhat.com/support/errata/RHSA-2011-0293.html
- http://www.securityfocus.com/bid/46489
- http://www.securitytracker.com/id?1025102
- https://access.redhat.com/security/cve/CVE-2011-0022
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=669767
- https://rhn.redhat.com/errata/RHSA-2011-0293.html
- http://git.fedorahosted.org/git/?p=389/ds.git;a=commitdiff;h=5135d9a
- https://www.cve.org/CVERecord?id=CVE-2011-0022 https://nvd.nist.gov/vuln/detail/CVE-2011-0022
- https://access.redhat.com/errata/RHSA-2011:0293
- collector/nvd-historical
- collector/redhat-cve
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/tags
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-0022
- vendor/fedoraproject
- canonical/fedoraproject 389 directory server
- version/fedoraproject 389 directory server/1.2.5-rc4
- version/fedoraproject 389 directory server/1.2.3
- version/fedoraproject 389 directory server/1.2.5-rc1
- version/fedoraproject 389 directory server/1.2.6-rc3
- version/fedoraproject 389 directory server/1.2.6-a3
- version/fedoraproject 389 directory server/1.2.6-rc1
- version/fedoraproject 389 directory server/1.2.7.5
- version/fedoraproject 389 directory server/1.2.1
- version/fedoraproject 389 directory server/1.2.2
- version/fedoraproject 389 directory server/1.2.5
- version/fedoraproject 389 directory server/1.2.8-alpha2
- version/fedoraproject 389 directory server/1.2.6-rc6
- version/fedoraproject 389 directory server/1.2.6.1
- version/fedoraproject 389 directory server/1.2.5-rc3
- version/fedoraproject 389 directory server/1.2.6-a4
- version/fedoraproject 389 directory server/1.2.5-rc2
- version/fedoraproject 389 directory server/1.2.8-alpha1
- version/fedoraproject 389 directory server/1.2.6-rc2
- version/fedoraproject 389 directory server/1.2.6-a2
- version/fedoraproject 389 directory server/1.2.6
- version/fedoraproject 389 directory server/1.2.6-rc7
- version/fedoraproject 389 directory server/1.2.7-alpha3
- vendor/redhat
- canonical/redhat directory server
- version/redhat directory server/8.2
- version/redhat directory server/8.2.3
- package-manager/redhat