CVE-2017-2591
https://notcve.org/view.php?id=CVE-2017-2591
389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap memory read, possibly triggering a crash of the LDAP service. 389-ds-base, en versiones anteriores a la 1.3.6, es vulnerable a un array terminado indebidamente en NULL en la función uniqueness_entry_to_config() en el plugin "attribute uniqueness" de 389 Directory Server. Un atacante autenticado o, posiblemente, sin autenticar, podría emplear este error para forzar una lectura fuera de límites de la memoria dinámica (heap), desencadenando un cierre inesperado del servicio LDAP. • http://www.securityfocus.com/bid/95670 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2591 https://pagure.io/389-ds-base/issue/48986 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVE-2018-1054 – 389-ds-base: remote Denial of Service (DoS) via search filters in SetUnicodeStringFromUTF_8 in collate.c
https://notcve.org/view.php?id=CVE-2018-1054
An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service. Se ha encontrado un error de lectura de memoria fuera de límites en la forma en la que 389-ds-base gestionaba ciertos filtros de búsqueda LDAP, que afecta a todas las versiones 1.4.x. Un atacante remoto no autenticado podría emplear este error para hacer que ns-slapd se cierre inesperadamente mediante una petición LDAP especialmente manipulada que resulta en una denegación de servicio (DoS). An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters. • http://www.securityfocus.com/bid/103228 https://access.redhat.com/errata/RHSA-2018:0414 https://access.redhat.com/errata/RHSA-2018:0515 https://bugzilla.redhat.com/show_bug.cgi?id=1537314 https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html https://pagure.io/389-ds-base/issue/49545 https://access.redhat.com/security/cve/CVE-2018-1054 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •
CVE-2017-15134 – 389-ds-base: Remote DoS via search filters in slapi_filter_sprintf in slapd/util.c
https://notcve.org/view.php?id=CVE-2017-15134
A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service. Se ha encontrado un error de desbordamiento de búfer basado en pila en la forma en la que 389-ds-base, en versiones 1.3.6.x anteriores a la 1.3.6.13, versiones 1.3.7.x anteriores a la 1.3.7.9 y versiones 1.4.x anteriores a la 1.4.0.5, gestionaba ciertos filtros de búsqueda LDAP. Un atacante remoto no autenticado podría emplear este error para hacer que ns-slapd se cierre inesperadamente mediante una petición LDAP especialmente manipulada que resulta en una denegación de servicio (DoS). A stack buffer overflow flaw was found in the way 389-ds-base handled certain LDAP search filters. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html http://www.securityfocus.com/bid/102790 https://access.redhat.com/errata/RHSA-2018:0163 https://bugzilla.redhat.com/show_bug.cgi?id=1531573 https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html https://pagure.io/389-ds-base/c/6aa2acdc3cad9 https://access.redhat.com/security/cve/CVE-2017-15134 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2017-15135 – 389-ds-base: Authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c
https://notcve.org/view.php?id=CVE-2017-15135
It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances. Se ha descubierto que 389-ds-base, desde la versión 1.3.6.1 y hasta e incluyendo la versión 1.4.0.3, no manipulaba siempre las operaciones de comparación de hash internas de manera correcta durante el proceso de autenticación. Un atacante remoto no autenticado podría emplear este error para omitir el proceso de autenticación bajo circunstancias muy excepcionales. It was found that 389-ds-base did not always handle internal hash comparison operations correctly during the authentication process. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html http://www.securityfocus.com/bid/102811 https://access.redhat.com/errata/RHSA-2018:0414 https://access.redhat.com/errata/RHSA-2018:0515 https://bugzilla.redhat.com/show_bug.cgi?id=1525628 https://access.redhat.com/security/cve/CVE-2017-15135 • CWE-287: Improper Authentication •
CVE-2015-1854 – 389-ds-base: access control bypass with modrdn
https://notcve.org/view.php?id=CVE-2015-1854
389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call. 389 Directory Server en versiones anteriores a la 1.3.3.10 permite que los atacantes omitan las restricciones de acceso previstas y modifiquen las entradas del directorio mediante una llamada ldapmodrdn manipulada. A flaw was found in the way Red Hat Directory Server performed authorization of modrdn operations. An unauthenticated attacker able to issue an ldapmodrdn call to the directory server could use this flaw to perform unauthorized modifications of entries in the directory server. • http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157069.html http://www.securityfocus.com/bid/74392 https://access.redhat.com/errata/RHSA-2015:0895 https://bugzilla.redhat.com/show_bug.cgi?id=1209573 https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html https://access.redhat.com/security/cve/CVE-2015-1854 • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •