Alerts This Week
Warning Icon 1 1,109
Alerts This Week
Warning Icon 1 1,109

Debian LTS 11: DLA-4021-1 critical: 389-ds-base multiple security risks

debian lts
Calendar Grey January 20, 2025
Dist Debian Esm H88
Essential patches for Debian LTS resolve security issues in 389-ds-base LDAP. Vital for maintaining system integrity and performance.
This update fixes multiple vulnerabilities in 389-ds-base LDAP server

Summary

CVE-2021-3652

If an asterisk is imported as password hashes, either accidentally
or maliciously, then instead of being inactive, any password will
successfully match during authentication. This flaw allows an attacker
to successfully authenticate as a user whose password was disabled.

CVE-2021-4091

A double-free was found in the way 389-ds-base handles virtual
attributes context in persistent searches. An attacker could send a
series of search requests, forcing the server to behave unexpectedly,
and crash.

CVE-2022-0918

A vulnerability allows an unauthenticated attacker with network
access to the LDAP port to cause a denial of service. The denial of
service is triggered by a single message sent over a TCP connection,
no bind or other authentication is required. The message triggers
a segmentation fault that results in slapd crashing.

CVE-2022-0996

A vulnerability allows expired passwords to access the database to
cause improper authentication.

Read the Full Advisory


Severity
critical
Lowest
Low
Medium
High
Critical

Package: 389-ds-base
Version: 1.4.4.11-2+deb11u1
CVE ID: CVE-2021-3652 CVE-2021-4091 CVE-2022-0918 CVE-2022-0996

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here