PT-2019-16752 · Red Hat+4 · 389-Ds-Base+5

Tbordaz

Publicado

2019-04-17

Atualizado

2023-04-24

CVE-2019-3883

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions 389-ds-base versions 1.4.1.2 and earlier

Description The issue allows an unauthenticated attacker to create hanging LDAP requests, potentially hanging all worker threads and resulting in a Denial of Service. This occurs because connections using SSL/TLS do not take into account the 'ioblocktimeout' during reads, unlike un-encrypted requests.

Recommendations For 389-ds-base versions 1.4.1.2 and earlier, consider disabling SSL/TLS connections or restricting the use of LDAP requests until a patch is available. As a temporary workaround, adjust the 'ioblocktimeout' value to minimize the risk of exploitation.

Correção

DoS

Missing Release of Resource after Effective Lifetime

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-772

Identificadores relacionados

ALT-PU-2019-2649

ALT-PU-2019-3188

CESA-2019_1896

CESA-2019_3401

CVE-2019-3883

DLA-1779-1

DLA-3399-1

MGASA-2019-0411

RHSA-2019:1896

RHSA-2019:3401

RHSA-2019_1896

RHSA-2019_3401

SUSE-SU-2019:2155-1

Produtos afetados

389-Ds-Base

Alt Linux

Astra Linux

Centos

Red Hat

Suse

PT-2019-16752 · Red Hat+4 · 389-Ds-Base+5

CVE-2019-3883

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 44