Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Wed, 26 Sep 2012 09:29:27 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Jan Lieskovsky <jlieskov@...hat.com>,
        "Steven M. Christey" <coley@...us.mitre.org>,
        Noriko Hosoi <nhosoi@...hat.com>, Rich Megginson <rmeggins@...hat.com>
Subject: Re: CVE Request -- 389-ds-base: Change on SLAPI_MODRDN_NEWSUPERIOR
 is not evaluated in ACL (ACL rules bypass possible)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/26/2012 03:54 AM, Jan Lieskovsky wrote:
> Hello Kurt, Steve, vendors,
> 
> Noriko Hosoi of Red Hat notified us about the following
> deficiency:
> 
> A possibility to bypass access control list (ACL) definitions was
> found in the way 389 Directory Server performed LDAP modifyRDN
> operation upon request from client. When a user has been granted
> access to set of DN entries, but denied access to a specific subset
> of those entries, it was possible the user to obtain temporary
> (till next Directory Server restart) access to that subset of
> entries (they should not have had otherwise ability to access) when
> the DN entry was moved via database modify RDN function.
> 
> Upstream ticket: [1] https://fedorahosted.org/389/ticket/340
> 
> Relevant upstream patch: [2]
> http://git.fedorahosted.org/cgit/389/ds.git/commit/?id=5beb93d42efb807838c09c5fab898876876f8d09
>
>  Could you allocate a CVE id for this?
> 
> Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat
> Security Response Team

Please use CVE-2012-4450 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQYx9XAAoJEBYNRVNeJnmTKi4P/RmXXD/LOtYKBLQ0ag5TIkZ3
Ccr+18fhhvsshUF+DJccMyOozDE2BtAWM10KylFbek6FDefASl3ygTWc/8w2FwOu
NaP4KFy2cm6b84M+lQL6xWZ8abL9M1PR+4MBE79pEKs5QBJXjbnxcJTAs6loJPVr
b7NMRerndaJzTzSux9mTKFPYESrtWRnvdOvwALKN2Fg4pPBF06evs9P7MaNUjJnd
P7tsucsqgDQBxE2Nw3efCiDfuNW4Q3YGOLgdMrKar64sbd8sbj2wIZ0ik9e6G2Hh
LGCzWZc+8jX8UsZxH/U8uSyBAuV4eQVqqUxxEBUHqiErwZlx9U1vIra5vJ81hub1
QNsK0hxbKd0RqguntD1iSawsTyrELu+Bje3AMXTRB/rr/rF8n3mmDEGOhy3GH2xo
OF9TGAytVbBky2oHxdbLH/KEjVZ0PHUttNdVr3nq1ukfUf6F5+gL9cNU9VktcX6D
PYfljJz5jHdtr61L5rYTfwtd14RHuCFxXf0qyDMwgYQkWydUp6nubLLs/SFfiAsX
+H08GKbi3Ixt8b+ms70XYqfNSmy17w1AvcyP3wqd72qwpzgII0gfTMn4upJribtc
BS8yBiL6C4O6F9MpJUsMsRJPDaG35nUb6N1y+AOUhaeLRaqUwvDn/bdoliaXZqyI
5gDYrkppGv9XzPRjGNrU
=EtKB
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ