PT-2018-10161 · Red Hat · 389-Ds-Base

Adam Mariš · Published 2017-04-26 · Updated 2024-06-15 · CVE-2018-1089

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

389-ds-base versions prior to 1.4.0.9
389-ds-base versions prior to 1.3.8.1
389-ds-base versions prior to 1.3.6.15

Description

389-ds-base improperly handles long search filters containing characters that need escaping, which could potentially lead to buffer overflows. A remote, unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP request, resulting in denial of service.

Recommendations

For versions prior to 1.4.0.9, update to version 1.4.0.9 or later.
For versions prior to 1.3.8.1, update to version 1.3.8.1 or later.
For versions prior to 1.3.6.15, update to version 1.3.6.15 or later.

Fix

DoS

Buffer Overflow

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2017-1532
CESA-2018_1364
CESA-2018_1380
CVE-2018-1089
DLA-1428-1
MGASA-2018-0245
OPENSUSE-SU-2024:10593-1
RHSA-2018:1364
RHSA-2018:1380
RHSA-2018_1364
RHSA-2018_1380
SUSE-SU-2019:2155-1

Affected Products

389-Ds-Base
Alt Linux
Centos
Red Hat
Suse