CVE-2014-0132 Information

Description

The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind.

Reference

http://rhn.redhat.com/errata/RHSA-2014-0292.html http://secunia.com/advisories/57412 http://secunia.com/advisories/57427 https://fedorahosted.org/389/changeset/76acff12a86110d4165f94e2cba13ef5c7ebc38a/ https://fedorahosted.org/389/ticket/47739