Mkosek

**Name of the Vulnerable Software and Affected Versions** FreeIPA versions prior to 4.1.4 **Description** The issue is related to the get user grouplist function in the extdom plug-in, which does not properly reallocate memory when processing user accounts. This allows remote attackers to cause a denial of service (crash) via a group list request for a user that belongs to a large number of groups. **Recommendations** For versions prior to 4.1.4, update to version 4.1.4 or later to resolve the issue. As a temporary workaround, consider restricting the number of groups a user can belong to, to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** 389 Directory Server versions 1.2.x through 1.2.11.19 389 Directory Server versions 1.3.x through 1.3.0.4 **Description** The issue allows remote attackers to obtain sensitive information outside of the rootDSE via a crafted LDAP search, due to the do search function not properly restricting access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE search scope is used. **Recommendations** For 389 Directory Server versions 1.2.x through 1.2.11.19, update to version 1.2.11.20 or later. For 389 Directory Server versions 1.3.x through 1.3.0.4, update to version 1.3.0.5 or later.