Candidate: CVE-2012-0833
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0833
https://rhn.redhat.com/errata/RHSA-2012-0813.html
The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in
389 Directory Server before 1.2.10 does not properly handle access control
instructions (ACIs) that use certificate groups, which allows remote
authenticated LDAP users with a certificate group to cause a denial of
service (infinite loop and CPU consumption) by binding to the server.
https://bugzilla.redhat.com/show_bug.cgi?id=787014
https://fedorahosted.org/389/ticket/162
Discovered-by: Graham Leggett
patch: https://fedorahosted.org/389/changeset/1bbbb3e5049c1aa0650546efab87ed2f1ea59637/389-ds-base
upstream_389-ds-base: released (1.2.10)
hardy_389-ds-base: DNE
lucid_389-ds-base: DNE
natty_389-ds-base: DNE
oneiric_389-ds-base: DNE
precise_389-ds-base: not-affected (1.2.10.4-0ubuntu3)
quantal_389-ds-base: ignored (reached end-of-life)
raring_389-ds-base: ignored (reached end-of-life)
saucy_389-ds-base: ignored (reached end-of-life)
trusty_389-ds-base: not-affected (1.2.10.4-0ubuntu3)
devel_389-ds-base: not-affected (1.2.10.4-0ubuntu3)