PT-2019-16752 · Red Hat (+4) · 389-Ds-Base (+5)

Credits: Tbordaz (+1)

Published: 2019-04-17 · Updated: 2023-04-24 · CVE-2019-3883

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: 389-ds-base versions 1.4.1.2 and earlier

Description: The issue allows an unauthenticated attacker to create hanging LDAP requests, potentially hanging all worker threads and resulting in a Denial of Service. This occurs because connections using SSL/TLS do not take the 'ioblocktimeout' into account during reads, unlike unencrypted requests.

Recommendations: For 389-ds-base versions 1.4.1.2 and earlier, consider disabling SSL/TLS connections or restricting the use of LDAP requests until a patch is available. As a temporary workaround, adjust the 'ioblocktimeout' value to minimize the risk of exploitation.

Fix · DoS

Weakness Enumeration: Missing Release of Resource after Effective Lifetime

Related Identifiers

ALT-PU-2019-2649
ALT-PU-2019-3188
CESA-2019_1896
CESA-2019_3401
CVE-2019-3883
DLA-1779-1
DLA-3399-1
MGASA-2019-0411
RHSA-2019:1896
RHSA-2019:3401
RHSA-2019_1896
RHSA-2019_3401
SUSE-SU-2019:2155-1

Affected Products

389-Ds-Base
Alt Linux
Astra Linux
Centos
Red Hat
Suse