PT-2018-7121 · Red Hat+1 · 389-Ds-Base+1

Firstyear

Publicado

2016-11-09

Atualizado

2019-10-09

CVE-2017-2591

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions: 389-ds-base versions prior to 1.3.6

Description: The issue arises from an improperly NULL terminated array in the uniqueness entry to config() function within the "attribute uniqueness" plugin of 389 Directory Server. This could allow an authenticated, or possibly unauthenticated, attacker to force an out-of-bound heap memory read, potentially causing a crash of the LDAP service.

Recommendations: For versions prior to 1.3.6, update to version 1.3.6 or later to resolve the issue.

Correção

Heap Based Buffer Overflow

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-122CWE-125

Identificadores relacionados

ALT-PU-2016-2270

CVE-2017-2591

MGASA-2017-0028

Produtos afetados

389-Ds-Base

Alt Linux

PT-2018-7121 · Red Hat+1 · 389-Ds-Base+1

CVE-2017-2591

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 15