{"id":"MGASA-2013-0263","summary":"Updated 389-ds-base packages fix security vulnerabilities and incorrect group usage","details":"Updated 389-ds-base packages fix security vulnerabilities:\n\nIt was discovered that the 389 Directory Server did not honor defined\nattribute access controls when evaluating search filter expressions. A\nremote attacker (with permission to query the Directory Server) could use\nthis flaw to determine the values of restricted attributes via a series of\nsearch queries with filter conditions that used restricted attributes\n(CVE-2013-2219).\n\nIt was discovered that the 389 Directory Server did not properly handle the\nreceipt of certain MOD operations with a bogus Distinguished Name (DN). A\nremote, unauthenticated attacker could use this flaw to cause the 389\nDirectory Server to crash (CVE-2013-4283).\n\nAdditionally, problems of wrong default group nobody (from upstream) as well\nas the 389-ds server not starting after a reboot have been fixed (mga#10138).\n","modified":"2026-04-16T06:22:30.671140020Z","published":"2013-08-30T17:23:22Z","upstream":["CVE-2013-2219","CVE-2013-4283"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2013-0263.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=10138"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=10889"},{"type":"WEB","url":"https://rhn.redhat.com/errata/RHSA-2013-1119.html"},{"type":"WEB","url":"https://rhn.redhat.com/errata/RHSA-2013-1182.html"}],"affected":[{"package":{"name":"389-ds-base","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/389-ds-base?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.0.8-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0263.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}