Advisories ยป MGASA-2013-0357

Updated 389-ds-base package fixes CVE-2013-4485

Publication date: 30 Nov 2013
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-4485

Description

Updated 389-ds-base packages fix security vulnerability:

It was discovered that the 389 Directory Server did not properly handle
certain Get Effective Rights (GER) search queries when the attribute list,
which is a part of the query, included several names using the '@'
character. An attacker able to submit search queries to the 389 Directory
Server could cause it to crash (CVE-2013-4485).
                

References

SRPMS

3/core