CVE-2014-8105

Published: 10 March 2015

389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.

Notes

Author	Note
tyhicks	The Red Hat bug says that FreeIPA versions 4.0+ are affected but it isn't clear to me if it is a bug in freeipa or 389-ds-base
sbeattie	further investigation doesn't show any changes made to freeipa for this issue.

Author

Note

tyhicks

The Red Hat bug says that FreeIPA versions 4.0+ are affected but it
isn't clear to me if it is a bug in freeipa or 389-ds-base

sbeattie

further investigation doesn't show any changes made to
freeipa for this issue.

Priority

Status

Package	Release	Status
389-ds-base Launchpad, Ubuntu, Debian	artful	Not vulnerable
	bionic	Not vulnerable
	cosmic	Not vulnerable
	disco	Not vulnerable
	lucid	Does not exist
	precise	Ignored (end of life)
	trusty	Does not exist (trusty was needed)
	upstream	Released (1.3.3.5-4)
	utopic	Ignored (end of life)
	vivid	Ignored (end of life)
	wily	Ignored (end of life)
	xenial	Not vulnerable
	yakkety	Not vulnerable
	zesty	Not vulnerable
	Patches: other: https://pagure.io/389-ds-base/c/29652118e2ae17ca98c1934af5109f1ac87d94ae
freeipa Launchpad, Ubuntu, Debian	artful	Not vulnerable
	bionic	Not vulnerable
	cosmic	Not vulnerable
	disco	Not vulnerable
	lucid	Does not exist
	precise	Not vulnerable
	trusty	Not vulnerable
	upstream	Needs triage
	utopic	Ignored (end of life)
	vivid	Ignored (end of life)
	wily	Ignored (end of life)
	xenial	Not vulnerable
	yakkety	Not vulnerable
	zesty	Not vulnerable

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›