Candidate: CVE-2014-0132
PublicDate: 2014-03-18 17:02:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0132
Description:
 The SASL authentication functionality in 389 Directory Server before
 1.2.11.26 allows remote authenticated users to connect as an arbitrary user
 and gain privileges via the authzid parameter in a SASL/GSSAPI bind.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741600
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0132
 https://fedorahosted.org/389/ticket/47739
Priority: high
Discovered-by:
Assigned-to:
CVSS: 

Patches_389-ds-base:
 upstream: https://fedorahosted.org/389/changeset/76acff12a86110d4165f94e2cba13ef5c7ebc38a/
upstream_389-ds-base: released (1.3.2.16)
lucid_389-ds-base: DNE
precise_389-ds-base: ignored (reached end-of-life)
precise/esm_389-ds-base: DNE (precise was needed)
quantal_389-ds-base: ignored (reached end-of-life)
saucy_389-ds-base: ignored (reached end-of-life)
trusty_389-ds-base: not-affected (1.3.2.16-0ubuntu1)
trusty/esm_389-ds-base: DNE (trusty was not-affected [1.3.2.16-0ubuntu1])
utopic_389-ds-base: not-affected (1.3.2.16-0ubuntu1)
vivid_389-ds-base: not-affected (1.3.2.16-0ubuntu1)
vivid/stable-phone-overlay_389-ds-base: DNE
vivid/ubuntu-core_389-ds-base: DNE
wily_389-ds-base: not-affected (1.3.2.16-0ubuntu1)
xenial_389-ds-base: not-affected (1.3.2.16-0ubuntu1)
yakkety_389-ds-base: not-affected (1.3.2.16-0ubuntu1)
zesty_389-ds-base: not-affected (1.3.2.16-0ubuntu1)
devel_389-ds-base: not-affected (1.3.2.16-0ubuntu1)