PT-2018-7171 · Red Hat+2 · 389-Ds-Base+3

Mreynolds

·

Publicado

2017-04-11

·

Atualizado

2019-10-09

·

CVE-2017-2668

CVSS v3.1

6.5

Média

VetorAV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: 389-ds-base versions prior to 1.3.5.17 389-ds-base versions prior to 1.3.6.10
Description: The issue arises from an invalid pointer dereference when handling LDAP bind requests. A remote unauthenticated attacker could exploit this to cause ns-slapd to crash using a specially crafted LDAP bind request, resulting in denial of service.
Recommendations: For versions prior to 1.3.5.17, update to version 1.3.5.17 or later. For versions prior to 1.3.6.10, update to version 1.3.6.10 or later.

Correção

DoS

Buffer Overflow

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119CWE-476

Identificadores relacionados

ALT-PU-2017-1532
CESA-2017_0893
CESA-2017_0920
CVE-2017-2668
MGASA-2017-0123
RHSA-2017:0893
RHSA-2017:0920
RHSA-2017_0893
RHSA-2017_0920

Produtos afetados

389-Ds-Base
Alt Linux
Centos
Red Hat