Submitted by Vincent (CVE) Danen on Thu, 09/17/2015 - 20:29
The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (crash) via a connection request without a username/dn, related to the 389 directory server.
Not vulnerable. This issue did not affect the versions of IPA or 389-ds as shipped with Red Hat Enterprise Linux 5 or 6.
CVE-2013-0336 389-ds-base: DoS when connecting with a missing username/dn
This issue was discovered by Sumit Bose of Red Hat.
Affected Packages State
|Red Hat Enterprise Linux 6||ipa||Not affected|
|Red Hat Enterprise Linux 6||389-ds-base||Not affected|