You are here

CVE-2013-0336

Vincent (CVE) Danen's picture
The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (crash) via a connection request without a username/dn, related to the 389 directory server.

Details Source

Mitre

Statement

Not vulnerable. This issue did not affect the versions of IPA or 389-ds as shipped with Red Hat Enterprise Linux 5 or 6.

Public Date

2013-03-27 00:00:00

Impact

Moderate

Bugzilla

CVE-2013-0336 389-ds-base: DoS when connecting with a missing username/dn

Bugzilla ID

913 751

CVSS Status

draft

Base Score

5.00

Base Metrics

AV:N/AC:L/Au:N/C:N/I:N/A:P

Acknowledgements

This issue was discovered by Sumit Bose of Red Hat.

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 6 ipa Not affected
Red Hat Enterprise Linux 6 389-ds-base Not affected