CVE-2017-15134 – 389-ds-base: Remote DoS via search filters in slapi_filter_sprintf in slapd/util.c
https://notcve.org/view.php?id=CVE-2017-15134
A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service. Se ha encontrado un error de desbordamiento de búfer basado en pila en la forma en la que 389-ds-base, en versiones 1.3.6.x anteriores a la 1.3.6.13, versiones 1.3.7.x anteriores a la 1.3.7.9 y versiones 1.4.x anteriores a la 1.4.0.5, gestionaba ciertos filtros de búsqueda LDAP. Un atacante remoto no autenticado podría emplear este error para hacer que ns-slapd se cierre inesperadamente mediante una petición LDAP especialmente manipulada que resulta en una denegación de servicio (DoS). A stack buffer overflow flaw was found in the way 389-ds-base handled certain LDAP search filters. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html http://www.securityfocus.com/bid/102790 https://access.redhat.com/errata/RHSA-2018:0163 https://bugzilla.redhat.com/show_bug.cgi?id=1531573 https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html https://pagure.io/389-ds-base/c/6aa2acdc3cad9 https://access.redhat.com/security/cve/CVE-2017-15134 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2017-15135 – 389-ds-base: Authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c
https://notcve.org/view.php?id=CVE-2017-15135
It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances. Se ha descubierto que 389-ds-base, desde la versión 1.3.6.1 y hasta e incluyendo la versión 1.4.0.3, no manipulaba siempre las operaciones de comparación de hash internas de manera correcta durante el proceso de autenticación. Un atacante remoto no autenticado podría emplear este error para omitir el proceso de autenticación bajo circunstancias muy excepcionales. It was found that 389-ds-base did not always handle internal hash comparison operations correctly during the authentication process. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html http://www.securityfocus.com/bid/102811 https://access.redhat.com/errata/RHSA-2018:0414 https://access.redhat.com/errata/RHSA-2018:0515 https://bugzilla.redhat.com/show_bug.cgi?id=1525628 https://access.redhat.com/security/cve/CVE-2017-15135 • CWE-287: Improper Authentication •
CVE-2015-1854 – 389-ds-base: access control bypass with modrdn
https://notcve.org/view.php?id=CVE-2015-1854
389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call. 389 Directory Server en versiones anteriores a la 1.3.3.10 permite que los atacantes omitan las restricciones de acceso previstas y modifiquen las entradas del directorio mediante una llamada ldapmodrdn manipulada. A flaw was found in the way Red Hat Directory Server performed authorization of modrdn operations. An unauthenticated attacker able to issue an ldapmodrdn call to the directory server could use this flaw to perform unauthorized modifications of entries in the directory server. • http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157069.html http://www.securityfocus.com/bid/74392 https://access.redhat.com/errata/RHSA-2015:0895 https://bugzilla.redhat.com/show_bug.cgi?id=1209573 https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html https://access.redhat.com/security/cve/CVE-2015-1854 • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVE-2017-7551 – 389-ds-base: Password brute-force possible for locked account due to different return codes
https://notcve.org/view.php?id=CVE-2017-7551
389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts. 389-ds-base en su versión anterior a 1.3.5.19 y 1.3.6.7 es vulnerable a ataques de fuerza bruta de contraseñas durante un bloqueo de cuenta debido a los diferentes códigos de retorno que se devuelven durante los intentos de contraseña. A flaw was found in the way 389-ds-base handled authentication attempts against locked accounts. A remote attacker could potentially use this flaw to continue password brute-forcing attacks against LDAP accounts, thereby bypassing the protection offered by the directory server's password lockout policy. • https://access.redhat.com/errata/RHSA-2017:2569 https://pagure.io/389-ds-base/issue/49336 https://access.redhat.com/security/cve/CVE-2017-7551 https://bugzilla.redhat.com/show_bug.cgi?id=1477669 • CWE-209: Generation of Error Message Containing Sensitive Information CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVE-2017-2668 – 389-ds-base: Remote crash via crafted LDAP messages
https://notcve.org/view.php?id=CVE-2017-2668
389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service. 389-ds-base en versiones anteriores a la 1.3.5.17 y 1.3.6.10 es vulnerable a una desreferencia de puntero inválido en la forma en la que se gestionan las peticiones LDAP. Un atacante remoto no autenticado podría emplear este error para hacer que ns-slapd se cierre inesperadamente mediante una petición bind LDAP especialmente manipulada que resulta en una denegación de servicio (DoS). An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service. • http://www.securityfocus.com/bid/97524 https://access.redhat.com/errata/RHSA-2017:0893 https://access.redhat.com/errata/RHSA-2017:0920 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2668 https://pagure.io/389-ds-base/issue/49220 https://access.redhat.com/security/cve/CVE-2017-2668 https://bugzilla.redhat.com/show_bug.cgi?id=1436575 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •