Upstream information

CVE-2015-1854 at MITRE

Description

389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 5
Vector AV:N/AC:L/Au:N/C:N/I:P/A:N
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None
SUSE Bugzilla entry: 929034 [RESOLVED]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Module for Server Applications 15
  • 389-ds >= 1.4.0.3-2.39
  • 389-ds-devel >= 1.4.0.3-2.39
Patchnames:
SUSE Linux Enterprise Module for Server Applications 15 GA 389-ds
openSUSE Tumbleweed
  • 389-ds >= 1.3.4.14-1.2
  • 389-ds-devel >= 1.3.4.14-1.2
Patchnames:
openSUSE Tumbleweed GA 389-ds