|
Message-ID: <4A77F227-42E4-4734-89BC-219656AA6A09@redhat.com>
Date: Thu, 07 Aug 2014 12:12:27 -0600
From: "Vincent Danen" <vdanen@...hat.com>
To: "OSS Security List" <oss-security@...ts.openwall.com>
Subject: CVE-2014-3562: Vulnerability in 389-ds
This was initially sent to the distros list on August 5th:
It was found that when replication was enabled for each attribute in Red
Hat Directory Server / 389 Directory Server, which is the default
configuration, the server returned replicated metadata when the
directory was searched while debugging was enabled. A remote attacker
could use this flaw to disclose potentially sensitive information.
Acknowledgements:
This issue was discovered by Ludwig Krispenz of Red Hat.
Further details can be found here: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3562
--
Vincent Danen / Red Hat Product Security
Download attachment "signature.asc" of type "application/pgp-signature" (711 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.