CVE-2016-0741
389-ds-base: worker threads do not detect abnormally closed connections causing DoS
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection.
slapd/connection.c en 389 Directory Server (anteriormente Fedora Directory Server) 1.3.4.x en versiones anteriores a 1.3.4.7 permite a atacantes remotos causar una denegación de servicio (bucle infinito y bloqueo de conexion) aprovechándose de una conexión cerrada de manera anómala.
An infinite-loop vulnerability was discovered in the 389 directory server, where the server failed to correctly handle unexpectedly closed client connections. A remote attacker able to connect to the server could use this flaw to make the directory server consume an excessive amount of CPU and stop accepting connections (denial of service).
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-12-16 CVE Reserved
- 2016-02-16 CVE Published
- 2023-05-02 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-399: Resource Management Errors
- CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CAPEC
References (8)
URL | Tag | Source |
---|---|---|
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html | X_refsource_confirm | |
http://www.securityfocus.com/bid/82343 | Vdb Entry | |
https://fedorahosted.org/389/changeset/cd45d032421b0ecf76d8cbb9b1c3aeef7680d9a2 | X_refsource_confirm | |
https://fedorahosted.org/389/ticket/48412 | X_refsource_confirm |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-4-7.html | 2016-10-12 |
URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2016-0204.html | 2016-10-12 | |
https://access.redhat.com/security/cve/CVE-2016-0741 | 2016-02-16 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1299416 | 2016-02-16 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Hpc Node Search vendor "Redhat" for product "Enterprise Linux Hpc Node" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Hpc Node" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | 389 Directory Server Search vendor "Fedoraproject" for product "389 Directory Server" | 1.3.4.0 Search vendor "Fedoraproject" for product "389 Directory Server" and version "1.3.4.0" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | 389 Directory Server Search vendor "Fedoraproject" for product "389 Directory Server" | 1.3.4.1 Search vendor "Fedoraproject" for product "389 Directory Server" and version "1.3.4.1" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | 389 Directory Server Search vendor "Fedoraproject" for product "389 Directory Server" | 1.3.4.4 Search vendor "Fedoraproject" for product "389 Directory Server" and version "1.3.4.4" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | 389 Directory Server Search vendor "Fedoraproject" for product "389 Directory Server" | 1.3.4.5 Search vendor "Fedoraproject" for product "389 Directory Server" and version "1.3.4.5" | - |
Affected
|