CVE-2014-0132
CVSS V2 Medium 6.5
CVSS V3 None
Description
The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind.
Overview
- CVE ID
- CVE-2014-0132
- Assigner
- secalert@redhat.com
- Vulnerability Status
- Modified
- Published Version
- 2014-03-18T17:02:53
- Last Modified Date
- 2023-02-13T00:32:40
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:* | 1 | OR | 1.2.11.25 | |
| cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.1:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.5:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.6:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.8:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.9:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.10:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.11:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.12:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.13:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.14:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.15:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.17:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.19:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.20:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.21:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.22:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.23:*:*:*:*:*:*:* | 1 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:L/Au:S/C:P/I:P/A:P
- Access Vector
- NETWORK
- Access Compatibility
- LOW
- Authentication
- SINGLE
- Confidentiality Impact
- PARTIAL
- Integrity Impact
- PARTIAL
- Availability Impact
- PARTIAL
- Base Score
- 6.5
- Severity
- MEDIUM
- Exploitability Score
- 8
- Impact Score
- 6.4
References
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2014-0132 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0132 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 10:36:41 | Added to TrackCVE | |||
| 2022-12-01 22:22:02 | 2014-03-18T17:02Z | 2014-03-18T17:02:53 | CVE Published Date | updated |
| 2022-12-01 22:22:02 | 2014-03-19T14:12:09 | CVE Modified Date | updated | |
| 2022-12-01 22:22:02 | Analyzed | Vulnerability Status | updated | |
| 2023-02-02 21:04:08 | 2023-02-02T20:16:22 | CVE Modified Date | updated | |
| 2023-02-02 21:04:08 | Analyzed | Modified | Vulnerability Status | updated |
| 2023-02-02 21:04:09 | The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind. | CVE-2014-0132 389-ds: flaw in parsing authzid can lead to privilege escalation | Description | updated |
| 2023-02-02 21:04:13 | References | updated | ||
| 2023-02-13 01:04:39 | 2023-02-13T00:32:40 | CVE Modified Date | updated | |
| 2023-02-13 01:04:41 | CVE-2014-0132 389-ds: flaw in parsing authzid can lead to privilege escalation | The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind. | Description | updated |