
Mageia: 2022-0135 High: 290 Web Server Insecure Access Vulnerability

April 9, 2022
This advisory covers a denial-of-service issue and an improper-authentication issue in the 389 Directory Server.

Summary

A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection; no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing. (CVE-2022-0918)
A vulnerability was found in the 389 Directory Server that allows expired passwords to be used to access the database, resulting in improper authentication. (CVE-2022-0996)

References

- https://bugs.mageia.org/show_bug.cgi?id=30235

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PYT2IQJFHQWZENJJRY6EJB3XIFZGNT7F/

- https://www.cve.org/CVERecord?id=CVE-2022-0918

- https://www.cve.org/CVERecord?id=CVE-2022-0996

Resolution

SRPMS

- 8/core/389-ds-base-1.4.0.26-8.4.mga8

Publication date: 09 Apr 2022
URL: https://advisories.mageia.org/MGASA-2022-0134.html
Type: security
CVE: CVE-2022-0918, CVE-2022-0996
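
To find hosts still running a 389-ds-base build older than the fixed SRPM listed under Resolution, the following added example (not part of the Mageia advisory) audits an inventory of installed versions. The inventory format, host names and sample versions are constructed; the comparison is a simplified form of RPM's version ordering and assumes equal epochs.

```python
import re

# Fixed build from the advisory's SRPMS line (Mageia 8, core).
FIXED_VERSION, FIXED_RELEASE = "1.4.0.26", "8.4.mga8"
_SEGMENT = re.compile(r"\d+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Simplified RPM ordering (no '~' or '^' handling): returns -1, 0 or 1."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)             # compare numbers by value, not text
        if x != y:
            return 1 if x > y else -1
    # Shared segments are equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_patched(version, release):
    """True if version-release is at or above the advisory's fixed build."""
    return (rpmvercmp(version, FIXED_VERSION) or
            rpmvercmp(release, FIXED_RELEASE)) >= 0

def audit(inventory_text):
    """Read 'host name version release' lines; return (unpatched, unchecked)."""
    unpatched, unchecked = [], []
    for line in inventory_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[1] != "389-ds-base":
            continue
        host, _, version, release = fields
        if not release.endswith(".mga8"):
            unchecked.append(host)            # fixed build is for Mageia 8 only
        elif not is_patched(version, release):
            unpatched.append(host)
    return unpatched, unchecked

# Constructed sample inventory (hypothetical hosts and versions), one line per
# host in the shape: <host> + rpm -q --qf '%{NAME} %{VERSION} %{RELEASE}\n'
SAMPLE = """\
ldap1 389-ds-base 1.4.0.26 8.3.mga8
ldap2 389-ds-base 1.4.0.26 8.4.mga8
ldap3 389-ds-base 1.4.0.26 8.10.mga8
ldap4 389-ds-base 1.4.0.9 1.mga8
web1 example-package 2.0 1.mga8
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Hosts returned in the second list carry a release tag other than `.mga8` and need to be checked against the advisory for their own distribution release.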
