CVE-2017-2668 – 389-ds-base: Remote crash via crafted LDAP messages

https://notcve.org/view.php?id=CVE-2017-2668

389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service. 389-ds-base en versiones anteriores a la 1.3.5.17 y 1.3.6.10 es vulnerable a una desreferencia de puntero inválido en la forma en la que se gestionan las peticiones LDAP. Un atacante remoto no autenticado podría emplear este error para hacer que ns-slapd se cierre inesperadamente mediante una petición bind LDAP especialmente manipulada que resulta en una denegación de servicio (DoS). An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service. • http://www.securityfocus.com/bid/97524 https://access.redhat.com/errata/RHSA-2017:0893 https://access.redhat.com/errata/RHSA-2017:0920 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2668 https://pagure.io/389-ds-base/issue/49220 https://access.redhat.com/security/cve/CVE-2017-2668 https://bugzilla.redhat.com/show_bug.cgi?id=1436575 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •