CVE-2014-0132
EPSS 0.45%
Description
The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind.
How to fix CVE-2014-0132
To remediate CVE-2014-0132, upgrade the affected package to a fixed version below.
- Debian/389-ds-base—upgrade to 1.3.2.9-1.1 or later
Is CVE-2014-0132 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.3.2.9-1.1