Date: Thu, 07 Aug 2014 12:12:27 -0600 From: "Vincent Danen" <vdanen@...hat.com> To: "OSS Security List" <oss-security@...ts.openwall.com> Subject: CVE-2014-3562: Vulnerability in 389-ds This was initially sent to the distros list on August 5th: It was found that when replication was enabled for each attribute in Red Hat Directory Server / 389 Directory Server, which is the default configuration, the server returned replicated metadata when the directory was searched while debugging was enabled. A remote attacker could use this flaw to disclose potentially sensitive information. Acknowledgements: This issue was discovered by Ludwig Krispenz of Red Hat. Further details can be found here: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3562 -- Vincent Danen / Red Hat Product Security Download attachment "signature.asc" of type "application/pgp-signature" (711 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.