CVE-2005-3630
CVSS 5.0
Published: 2005-12-31 00:00:00
Last revised: 2008-09-05 16:54:51

[Original text] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.


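[CNNVD] Fedora Directory Server Password Information Disclosure Vulnerability (CNNVD-200512-893)

        Fedora Directory Server is a powerful open-source server for managing large directories of users and resources.
        An information disclosure vulnerability exists in Fedora Directory Server; a remote attacker may be able to obtain the server password.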
        

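- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: NONE [no impact on system integrity]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]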

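- CPE (Affected Platforms and Products)

Product and version information (CPE) is not currently available

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links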

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3630
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3630
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200512-893
(Official data source) CNNVD

- Other Links and Resources

https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=121994
(PATCH)  MISC  https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=121994
http://www.securityfocus.com/bid/16729
(PATCH)  BID  16729
http://secunia.com/advisories/18939
(VENDOR_ADVISORY)  SECUNIA  18939
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174837
(UNKNOWN)  CONFIRM  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174837
http://directory.fedora.redhat.com/wiki/FDS10Announcement
(UNKNOWN)  CONFIRM  http://directory.fedora.redhat.com/wiki/FDS10Announcement

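- Vulnerability Information

Fedora Directory Server Password Information Disclosure Vulnerability
Medium risk  Access validation error
2005-12-31 00:00:00 2006-03-02 00:00:00
Remote
        Fedora Directory Server is a powerful open-source server for managing large directories of users and resources.
        An information disclosure vulnerability exists in Fedora Directory Server; a remote attacker may be able to obtain the server password.
        

- Advisories and Patches

        The vendor has released an upgrade patch that fixes this security issue. The patch is available at: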
        http://directory.fedora.redhat.com/sources/fedora-ds-1.0.1.tar.gz

- Vulnerability Information

23350
Fedora Directory Server Crafted IFRAME adm.conf Admin Server Password Disclosure

- Vulnerability Description

Unknown or Incomplete

- Timeline

2005-12-02 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

Fedora Directory Server Password Information Disclosure Vulnerability
Access Validation Error 16729
Yes No
2006-02-20 12:00:00 2006-02-22 04:42:00
The vendor disclosed this vulnerability.

- Affected Versions

RedHat Fedora Directory Server 1.0
RedHat Fedora Directory Server 1.0.1

- Unaffected Versions

RedHat Fedora Directory Server 1.0.1

- Discussion

Fedora Directory Server is prone to an information-disclosure vulnerability. This issue is due to a failure in the application to do proper access validation before granting access to sensitive and privileged information.


An attacker can exploit this vulnerability to obtain escalated privileges within the context of the server application. Information obtained may aid in further attacks against the underlying system; other attacks are also possible.

- Exploit

No exploit is required.

- Solution


The vendor has addressed this issue by releasing version 1.0.1. Please see the references for further details.


RedHat Fedora Directory Server 1.0

- Related References

 

 
