VDB
GCVE-110-MAGEIA-2016-350
GCVE-110-MAGEIA-2016-350
Advisory Published
A vulnerability in 389-ds-base was found that allows to bypass limitations
for compare and read operations specified by Access Control Instructions.
When having LDAP sub-tree with some existing objects and having BIND DN
which have no privileges over objects inside the sub-tree, unprivileged
user can send LDAP ADD operation specifying an object in (supposedly)
inaccessible sub-tree. The returned error messages discloses the
information when the queried object exists having the specified value.
Attacker can use this flaw to guess values of RDN component by repeating
the above process (CVE-2016-4992).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | 389-ds-base | 0 (affected), 1.3.4.14-1.mga5 (unaffected) | — |
Browse GCVE Records
73,040 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.