PT-2018-3495 · Red Hat+3 · 389-Ds-Base+4

Published: 2018-09-06 · Updated: 2024-06-15 · CVE-2018-14624

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: 389-ds-base versions 1.3.7.10 through 1.4.0.16
Description: A vulnerability was discovered in the `log__error_emergency()` function of the 389 Directory Server due to insufficient input validation. This issue could allow a remote attacker to cause a denial of service by sending a flood of modifications to a very large DN, which would cause slapd to crash.
Recommendations: For versions 1.3.7.10 through 1.4.0.16, consider restricting access to the `log__error_emergency()` function as a temporary workaround until a patch is available. Additionally, monitor the error log for suspicious activity and adjust the logging configuration to prevent excessive log entries.


Weakness Enumeration

Related Identifiers

ALT-PU-2018-2458
BDU:2020-02774
CESA-2018_2757
CVE-2018-14624
DLA-1526-1
ELSA-2018-2757
MGASA-2018-0404
OPENSUSE-SU-2019:1397-1
OPENSUSE-SU-2019_1397-1
OPENSUSE-SU-2024:10593-1
RHSA-2018:2757
RHSA-2018_2757
SUSE-SU-2019:1207-1
SUSE-SU-2019:1207-2
SUSE-SU-2019_1207-1
SUSE-SU-2019_1207-2

Affected Products

389-Ds-Base
Alt Linux
Centos
Red Hat
Suse