
Debian 8: DLA-1428-1 Critical: 389-ds-base Denial of Service Issue

Debian LTS
July 15, 2018
Important updates for 389-ds-base address vulnerabilities that could lead to unauthorized access and server instability.
CVE-2015-1854 A flaw was found while doing authorization of modrdn operations

Summary

CVE-2017-15134
Improper handling of a search filter in slapi_filter_sprintf()
in slapd/util.c can lead to remote server crash and denial
of service.

CVE-2018-1054
When read access on is enabled, a flaw in
the SetUnicodeStringFromUTF_8 function in collate.c can lead to
out-of-bounds memory operations.
This might result in a server crash, caused by unauthorized
users.

CVE-2018-1089
Any user (anonymous or authenticated) can crash ns-slapd with a
crafted ldapsearch query with a very long filter value.

CVE-2018-10850
Due to a race condition the server could crash in turbo mode
(because of high traffic) or when a worker reads several requests
in the read buffer (more_data). Thus an anonymous attacker could
trigger a denial of service.


For Debian 8 "Jessie", these problems have been fixed in version
1.3.3.5-4+deb8u1.

We recommend that you upgrade your 389-ds-base packages.



Severity: critical

Package: 389-ds-base
Version: 1.3.3.5-4+deb8u1
CVE ID: CVE-2015-1854 CVE-2017-15134 CVE-2018-1054 CVE-2018-1089
