What is the severity of CVE-2012-4450?

CVE-2012-4450 is classified as a medium severity vulnerability.

How do I fix CVE-2012-4450?

To remediate CVE-2012-4450, upgrade to a version of 389 Directory Server that has addressed this issue.

Who is affected by CVE-2012-4450?

Remote authenticated users with certain permissions on systems running 389 Directory Server 1.2.10 are affected by CVE-2012-4450.

What is the impact of CVE-2012-4450?

CVE-2012-4450 allows unauthorized access to DN entries by bypassing Access Control Lists.

What versions are vulnerable to CVE-2012-4450?

The specific vulnerable version is 389 Directory Server 1.2.10.

Vulnerability/
CVE-2012-4450

medium

CWE

264

1/10/2012

8/3/2013

CVE-2012-4450

First published: Mon Oct 01 2012(Updated: )

389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Red Hat 389 Directory Server	=1.2.10

Remedy

http://git.fedorahosted.org/cgit/389/ds.git/commit/?id=5beb93d42efb807838c09c5fab898876876f8d09

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-4450?
CVE-2012-4450 is classified as a medium severity vulnerability.
How do I fix CVE-2012-4450?
To remediate CVE-2012-4450, upgrade to a version of 389 Directory Server that has addressed this issue.
Who is affected by CVE-2012-4450?
Remote authenticated users with certain permissions on systems running 389 Directory Server 1.2.10 are affected by CVE-2012-4450.
What is the impact of CVE-2012-4450?
CVE-2012-4450 allows unauthorized access to DN entries by bypassing Access Control Lists.
What versions are vulnerable to CVE-2012-4450?
The specific vulnerable version is 389 Directory Server 1.2.10.

agent/references
agent/type
agent/first-publish-date
agent/last-modified-date
agent/softwarecombine
agent/remedy
agent/severity
agent/weakness
agent/author
agent/description
agent/tags
agent/event
collector/nvd-index
agent/software-canonical-lookup-request
vendor/fedoraproject
canonical/red hat 389 directory server
version/red hat 389 directory server/1.2.10

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.