389 Directory Server Certificate Groups Remote Denial of Service Vulnerability

Bugtraq ID:	52044
Class:	Unknown
CVE:	CVE-2012-0833
Remote:	Yes
Local:	No
Published:	Feb 02 2012 12:00AM
Updated:	Feb 21 2013 08:42PM
Credit:	The vendor reported this issue.
Vulnerable:	RedHat Directory Server 8 EL 5 Red Hat Enterprise Linux Workstation Optional 6 Red Hat Enterprise Linux Workstation 6 Red Hat Enterprise Linux Server Optional 6 Red Hat Enterprise Linux Server 6 Red Hat Enterprise Linux HPC Node Optional 6 Red Hat Enterprise Linux Desktop Optional 6 Oracle Enterprise Linux 6.2 Oracle Enterprise Linux 6 389 Directory Server 389 Directory Server 1.2.9.9
Not Vulnerable:

389 Directory Server Certificate Groups Remote Denial of Service Vulnerability

389 Directory Server is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to crash the application, denying service to legitimate users.

389 Directory Server 1.2.9.9 is vulnerable; other versions may also be affected.

389 Directory Server Certificate Groups Remote Denial of Service Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

389 Directory Server Certificate Groups Remote Denial of Service Vulnerability

Solution:
Fixes are available in repository. Please see the references for more information.

389 Directory Server Certificate Groups Remote Denial of Service Vulnerability

References:

• 389 Directory Server Homepage (389 Directory Server)
  
• Bug 787014 - (CVE-2012-0833) CVE-2012-0833 389: denial of service when using cer (Fedora)
  
• Infinite loop / spin inside strcmpi_fast, acl_read_access_allowed_on_attr, serve (Fedora)