CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 2CVE-2018-14624 – 389-ds-base: Server crash through modify command with large DN
https://notcve.org/view.php?id=CVE-2018-14624
A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash. Se ha descubierto una vulnerabilidad en 389-ds-base hasta las versiones 1.3.7.10, 1.3.8.8 y 1.4.0.16. El bloqueo que controla el registro de errores no se empleaba correctamente al reabrir el archivo de registro en log__error_emergency(). • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html https://access.redhat.com/errata/RHSA-2018:2757 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14624 https://lists.debian.org/debian-lts-announce/2018/09/msg00037.html https://pagure.io/389-ds-base/issue/49937 https://access.redhat.com/security/cve/CVE-2018-14624 https://bugzilla.redhat.com/show_bug.cgi?id=1619450 • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2018-10871 – 389-ds-base: replication and the Retro Changelog plugin store plaintext password by default
https://notcve.org/view.php?id=CVE-2018-10871
389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext passwords. 389-ds-base en versiones anteriores a la 1.3.8.5 y 1.4.0.12 es vulnerable al almacenamiento en texto claro de información sensible. Por defecto, cuando los plugins Replica y/o retroChangeLog están habilitados, 389-ds-base almacena contraseñas en formato de texto plano en sus respectivos archivos changelog. Un atacante con los suficientes privilegios elevados, como root o Directory Manager, puede consultar esos archivos para recuperar contraseñas en texto plano. • https://access.redhat.com/errata/RHSA-2019:3401 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10871 https://lists.debian.org/debian-lts-announce/2018/08/msg00032.html https://pagure.io/389-ds-base/issue/49789 https://access.redhat.com/security/cve/CVE-2018-10871 https://bugzilla.redhat.com/show_bug.cgi?id=1591480 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.1EPSS: 1%CPEs: 10EXPL: 0CVE-2018-10850 – 389-ds-base: race condition on reference counter leads to DoS using persistent search
https://notcve.org/view.php?id=CVE-2018-10850
389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service. 389-ds-base en versiones anteriores a la 1.4.0.10 y 1.3.8.3 es vulnerable a una condición de carrera por la forma en la que 389-ds-base gestiona las búsquedas persistentes. Esto resulta en un cierre inesperado si el servidor está bajo carga. Un atacante anónimo podría explotar este error para provocar una denegación de servicio (DoS). A race condition was found in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html https://access.redhat.com/errata/RHSA-2018:2757 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10850 https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html https://pagure.io/389-ds-base/c/8f04487f99a https://pagure.io/389-ds-base/issue/49768 https://access.redhat.com/security/cve/CVE-2018-10850 https://bugzilla.redhat.com/show_bug.cgi?id=1588056 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2011-0704
https://notcve.org/view.php?id=CVE-2011-0704
389 Directory Server 1.2.7.5, when built with mozldap, allows remote attackers to cause a denial of service (replica crash) by sending an empty modify request. 389 Directory Server 1.2.7.5, cuando se incluye con mozldap, permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado de replica) mediante el envío de una petición modify vacía. • https://bugzilla.redhat.com/show_bug.cgi?id=675320 https://bugzilla.redhat.com/show_bug.cgi?id=676876 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-2591
https://notcve.org/view.php?id=CVE-2017-2591
389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap memory read, possibly triggering a crash of the LDAP service. 389-ds-base, en versiones anteriores a la 1.3.6, es vulnerable a un array terminado indebidamente en NULL en la función uniqueness_entry_to_config() en el plugin "attribute uniqueness" de 389 Directory Server. Un atacante autenticado o, posiblemente, sin autenticar, podría emplear este error para forzar una lectura fuera de límites de la memoria dinámica (heap), desencadenando un cierre inesperado del servicio LDAP. • http://www.securityfocus.com/bid/95670 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2591 https://pagure.io/389-ds-base/issue/48986 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •