{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-02-22T00:00:00", "descriptions": [{"lang": "en", "value": "The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary process termination) by replacing PID files contained in this directory."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-03-31T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "1025102", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1025102"}, {"name": "RHSA-2011:0293", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0293.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=671199"}, {"name": "46489", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/46489"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:43:13.719Z"}, "title": "CVE Program Container", "references": [{"name": "1025102", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1025102"}, {"name": "RHSA-2011:0293", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0293.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=671199"}, {"name": "46489", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/46489"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-0022", "datePublished": "2011-02-23T18:00:00", "dateReserved": "2010-12-07T00:00:00", "dateUpdated": "2024-08-06T21:43:13.719Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CE2E9C8D-FFEE-424C-BBA6-42BD4309D18A", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "8F2E9CEF-F30D-4374-A7E2-052102B602A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "16A8729B-B00B-4871-B083-6B10A5034721", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "6335FA65-9498-40AF-AE2B-034DA2823821", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "8CF92ADB-B5B0-43D7-93D8-CBA3AE46EB8D", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "17F8ED59-E27A-4B9B-8BB8-66FAB2B2DCFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc3:*:*:*:*:*:*", "matchCriteriaId": "4200CEAB-4E14-48C8-9D6F-F86796475019", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc4:*:*:*:*:*:*", "matchCriteriaId": "3179916B-F98C-4D10-82AB-59DCCACBE8DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "B44B5289-08BB-4D62-B60D-1BD738472B1D", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a2:*:*:*:*:*:*", "matchCriteriaId": "02392BBF-AFAB-4739-BAF6-E930692AB28F", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a3:*:*:*:*:*:*", "matchCriteriaId": "BFF70436-E01E-4912-AC31-B600F5E8CB4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a4:*:*:*:*:*:*", "matchCriteriaId": "360BA51B-B47E-4537-B564-9E628DF4E6EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "987F04BC-75DC-4959-AE32-070F11F9EBC2", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc2:*:*:*:*:*:*", "matchCriteriaId": "078BCE55-90BB-48DE-92D1-9A152338158C", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc3:*:*:*:*:*:*", "matchCriteriaId": "595F5AEE-E4A9-40E0-AF03-69AF689C4916", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc6:*:*:*:*:*:*", "matchCriteriaId": "FED47519-F254-4545-8551-FFBD0B4F9FAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc7:*:*:*:*:*:*", "matchCriteriaId": "A06C0421-74B7-4F9D-9F3A-18BF62BDD4D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "83F772DF-B8A7-4577-9AC6-3234B8C7FFAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.7:alpha3:*:*:*:*:*:*", "matchCriteriaId": "60624BFB-BB50-47F9-BB6D-BC92B40988BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "17C879AE-7435-43F5-94E5-A7ED84E46D0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha1:*:*:*:*:*:*", "matchCriteriaId": "5809DC7B-AC50-4E03-A8FA-6C2C6B67A400", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha2:*:*:*:*:*:*", "matchCriteriaId": "04FED7B7-7D97-4020-9D5C-A7150B43838C", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:directory_server:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "EDC61481-16C5-44EF-AA40-8423A40B2581", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:directory_server:8.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "C92B4226-6D3D-4430-A753-92E828FBBB8C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary process termination) by replacing PID files contained in this directory."}, {"lang": "es", "value": "Las secuencias de comandos de configuraci\u00f3n en 389 Directory Server v1.2.x (tambi\u00e9n conocido como Red Hat Directory Server 8.2.x)), cuando varias instancias sin privilegios est\u00e1n configuradas, usa permisos 0777 para el directorio /var/run/dirsrv, que permite a usuarios locales provocar una denegaci\u00f3n de servicios (fallo de demonio o terminaci\u00f3n de procesos de su elecci\u00f3n) mediante la sustituci\u00f3n de los archivos PID contenidos en este directorio."}], "id": "CVE-2011-0022", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-02-23T19:00:01.813", "references": [{"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2011-0293.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/46489"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1025102"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=671199"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2011-0293.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/46489"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1025102"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=671199"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2011:0293", "cpe": "cpe:/a:redhat:directory_server:8::el5", "package": "redhat-ds-admin-0:8.2.1-1.el5dsrv", "product_name": "Red Hat Directory Server 8 for RHEL 5", "release_date": "2011-02-22T00:00:00Z"}, {"advisory": "RHSA-2011:0293", "cpe": "cpe:/a:redhat:directory_server:8::el5", "package": "redhat-ds-base-0:8.2.4-1.el5dsrv", "product_name": "Red Hat Directory Server 8 for RHEL 5", "release_date": "2011-02-22T00:00:00Z"}], "bugzilla": {"description": "Server: insecure pid file directory permissions", "id": "671199", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=671199"}, "csaw": false, "cvss": {"cvss_base_score": "4.7", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "status": "verified"}, "details": ["The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary process termination) by replacing PID files contained in this directory."], "name": "CVE-2011-0022", "public_date": "2011-02-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-0022\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-0022"], "threat_severity": "Moderate"}