CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2018-1054 – 389-ds-base: remote Denial of Service (DoS) via search filters in SetUnicodeStringFromUTF_8 in collate.c
https://notcve.org/view.php?id=CVE-2018-1054
An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service. Se ha encontrado un error de lectura de memoria fuera de límites en la forma en la que 389-ds-base gestionaba ciertos filtros de búsqueda LDAP, que afecta a todas las versiones 1.4.x. Un atacante remoto no autenticado podría emplear este error para hacer que ns-slapd se cierre inesperadamente mediante una petición LDAP especialmente manipulada que resulta en una denegación de servicio (DoS). An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters. • http://www.securityfocus.com/bid/103228 https://access.redhat.com/errata/RHSA-2018:0414 https://access.redhat.com/errata/RHSA-2018:0515 https://bugzilla.redhat.com/show_bug.cgi?id=1537314 https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html https://pagure.io/389-ds-base/issue/49545 https://access.redhat.com/security/cve/CVE-2018-1054 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-1854 – 389-ds-base: access control bypass with modrdn
https://notcve.org/view.php?id=CVE-2015-1854
389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call. 389 Directory Server en versiones anteriores a la 1.3.3.10 permite que los atacantes omitan las restricciones de acceso previstas y modifiquen las entradas del directorio mediante una llamada ldapmodrdn manipulada. A flaw was found in the way Red Hat Directory Server performed authorization of modrdn operations. An unauthenticated attacker able to issue an ldapmodrdn call to the directory server could use this flaw to perform unauthorized modifications of entries in the directory server. • http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157069.html http://www.securityfocus.com/bid/74392 https://access.redhat.com/errata/RHSA-2015:0895 https://bugzilla.redhat.com/show_bug.cgi?id=1209573 https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html https://access.redhat.com/security/cve/CVE-2015-1854 • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-7551 – 389-ds-base: Password brute-force possible for locked account due to different return codes
https://notcve.org/view.php?id=CVE-2017-7551
389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts. 389-ds-base en su versión anterior a 1.3.5.19 y 1.3.6.7 es vulnerable a ataques de fuerza bruta de contraseñas durante un bloqueo de cuenta debido a los diferentes códigos de retorno que se devuelven durante los intentos de contraseña. A flaw was found in the way 389-ds-base handled authentication attempts against locked accounts. A remote attacker could potentially use this flaw to continue password brute-forcing attacks against LDAP accounts, thereby bypassing the protection offered by the directory server's password lockout policy. • https://access.redhat.com/errata/RHSA-2017:2569 https://pagure.io/389-ds-base/issue/49336 https://access.redhat.com/security/cve/CVE-2017-7551 https://bugzilla.redhat.com/show_bug.cgi?id=1477669 • CWE-209: Generation of Error Message Containing Sensitive Information CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-2668 – 389-ds-base: Remote crash via crafted LDAP messages
https://notcve.org/view.php?id=CVE-2017-2668
389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service. 389-ds-base en versiones anteriores a la 1.3.5.17 y 1.3.6.10 es vulnerable a una desreferencia de puntero inválido en la forma en la que se gestionan las peticiones LDAP. Un atacante remoto no autenticado podría emplear este error para hacer que ns-slapd se cierre inesperadamente mediante una petición bind LDAP especialmente manipulada que resulta en una denegación de servicio (DoS). An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service. • http://www.securityfocus.com/bid/97524 https://access.redhat.com/errata/RHSA-2017:0893 https://access.redhat.com/errata/RHSA-2017:0920 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2668 https://pagure.io/389-ds-base/issue/49220 https://access.redhat.com/security/cve/CVE-2017-2668 https://bugzilla.redhat.com/show_bug.cgi?id=1436575 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 2%CPEs: 9EXPL: 0CVE-2016-0741 – 389-ds-base: worker threads do not detect abnormally closed connections causing DoS
https://notcve.org/view.php?id=CVE-2016-0741
slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection. slapd/connection.c en 389 Directory Server (anteriormente Fedora Directory Server) 1.3.4.x en versiones anteriores a 1.3.4.7 permite a atacantes remotos causar una denegación de servicio (bucle infinito y bloqueo de conexion) aprovechándose de una conexión cerrada de manera anómala. An infinite-loop vulnerability was discovered in the 389 directory server, where the server failed to correctly handle unexpectedly closed client connections. A remote attacker able to connect to the server could use this flaw to make the directory server consume an excessive amount of CPU and stop accepting connections (denial of service). • http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-4-7.html http://rhn.redhat.com/errata/RHSA-2016-0204.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.securityfocus.com/bid/82343 https://fedorahosted.org/389/changeset/cd45d032421b0ecf76d8cbb9b1c3aeef7680d9a2 https://fedorahosted.org/389/ticket/48412 https://access.redhat.com/security/cve/CVE-2016-0741 https://bugzilla.redhat.com/show_bug.cgi?id=1299416 • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •