Vulnerabilities > Fedoraproject > 389 Directory Server
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-02-23 | CVE-2011-0532 | Permissions, Privileges, and Access Controls vulnerability in multiple products The (1) backup and restore scripts, (2) main initialization script, and (3) ldap-agent script in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x) place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.2 |
2011-02-23 | CVE-2011-0022 | Resource Management Errors vulnerability in multiple products The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary process termination) by replacing PID files contained in this directory. | 4.7 |
2011-02-23 | CVE-2011-0019 | Improper Input Validation vulnerability in multiple products slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Directory Server 8.2.x or dirsrv) does not properly handle simple paged result searches, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via multiple search requests. | 7.5 |
2011-02-23 | CVE-2010-4746 | Resource Management Errors vulnerability in Fedoraproject 389 Directory Server Multiple memory leaks in the normalization functionality in 389 Directory Server before 1.2.7.5 allow remote attackers to cause a denial of service (memory consumption) via "badly behaved applications," related to (1) Slapi_Attr mishandling in the DN normalization code and (2) pointer mishandling in the syntax normalization code, a different issue than CVE-2011-0019. | 5.0 |