Candidate: CVE-2013-1897
PublicDate: 2013-05-13 23:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1897
 http://git.fedorahosted.org/cgit/389/ds.git/commit/?h=389-ds-base-1.2.11&id=5a18c828533a670e7143327893f8171a19062286
 https://fedorahosted.org/389/ticket/47308
Description:
 The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE search scope is used, which allows remote attackers to obtain sensitive information outside of the rootDSE via a crafted LDAP search.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704421
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_389-ds-base:
 upstream: https://fedorahosted.org/389/attachment/ticket/47308/0001-Ticket-47308-unintended-information-exposure-when-an.patch
upstream_389-ds-base: released (1.3.2.9)
hardy_389-ds-base: DNE
lucid_389-ds-base: DNE
oneiric_389-ds-base: DNE
precise_389-ds-base: ignored (reached end-of-life)
precise/esm_389-ds-base: DNE (precise was needed)
quantal_389-ds-base: ignored (reached end-of-life)
raring_389-ds-base: ignored (reached end-of-life)
saucy_389-ds-base: ignored (reached end-of-life)
trusty_389-ds-base: not-affected (1.3.2.11-0ubuntu1)
trusty/esm_389-ds-base: DNE (trusty was not-affected [1.3.2.11-0ubuntu1])
utopic_389-ds-base: not-affected (1.3.2.11-0ubuntu1)
vivid_389-ds-base: not-affected (1.3.2.11-0ubuntu1)
vivid/stable-phone-overlay_389-ds-base: DNE
vivid/ubuntu-core_389-ds-base: DNE
wily_389-ds-base: not-affected (1.3.2.11-0ubuntu1)
xenial_389-ds-base: not-affected (1.3.2.11-0ubuntu1)
yakkety_389-ds-base: not-affected (1.3.2.11-0ubuntu1)
zesty_389-ds-base: not-affected (1.3.2.11-0ubuntu1)
devel_389-ds-base: not-affected (1.3.2.11-0ubuntu1)