PT-2018-3495 · Red Hat+3 · 389-Ds-Base+4

Published: 2018-09-06 · Updated: 2024-06-15 · CVE-2018-14624

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: 389-ds-base versions 1.3.7.10 through 1.4.0.16
Description: A vulnerability was discovered in the log__error_emergency() function of the 389 Directory Server, caused by insufficient input validation. A remote attacker could cause a denial of service by sending a flood of modifications to a very large DN, which would cause slapd to crash.
Recommendations: For versions 1.3.7.10 through 1.4.0.16, consider restricting access to the log__error_emergency() function as a temporary workaround until a patch is available. Additionally, monitor the error log for suspicious activity and adjust the logging configuration to prevent excessive log entries.


Related Identifiers

ALT-PU-2018-2458
BDU:2020-02774
CESA-2018_2757
CVE-2018-14624
DLA-1526-1
ELSA-2018-2757
MGASA-2018-0404
OPENSUSE-SU-2019:1397-1
OPENSUSE-SU-2019_1397-1
OPENSUSE-SU-2024:10593-1
RHSA-2018:2757
RHSA-2018_2757
SUSE-SU-2019:1207-1
SUSE-SU-2019:1207-2
SUSE-SU-2019_1207-1
SUSE-SU-2019_1207-2

Affected Products

389-ds-base
ALT Linux
CentOS
Red Hat
SUSE