Date: Tue, 6 Mar 2018 09:26:00 +0530
From: Dhiru Kholia <dkholia@...hat.com>
To: oss-security@...ts.openwall.com
Cc: Salvatore Bonaccorso <carnil@...ian.org>
Subject: Remote DoS flaw in 389-ds-base

Hi,
  
Here is a notification about a remote DoS flaw in the 389-ds-base
package (389 Directory Server).

NOTE: This notification was sent to the "distros" mailing list on
02-March-2018.

https://bugzilla.redhat.com/show_bug.cgi?id=1537314 has some more
information about this flaw, including a patch.

CVE-2018-1054
-------------

389-ds-base: remote Denial of Service (DoS) via search filters in 
SetUnicodeStringFromUTF_8 in collate.c

A flaw was found in 389 Directory Server that affects all versions.
Improper handling of the search feature with an extended filter, when
read access on <attribute_name> is enabled, in the
SetUnicodeStringFromUTF_8 function in collate.c, can lead to
out-of-bounds memory operations. This may allow a remote unauthenticated
attacker to trigger a server crash, thus resulting in denial of service.

CVSSv3: 7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Thanks,
Dhiru
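
Added example, not part of the original message or of the 389-ds-base project: a triage script for operators that lists searches using an extended filter in a 389 Directory Server access log and marks those sent on connections with no authenticated bind. It assumes "extended filter" means the RFC 4515 extensible-match form (attr:rule:=value) and the standard access-log layout; the sample lines, addresses and DNs are constructed.

```python
import re

# Constructed sample in the 389-ds access-log layout (not taken from the advisory).
SAMPLE_LOG = """\
[06/Mar/2018:09:00:01 +0000] conn=7 fd=64 slot=64 connection from 192.0.2.10 to 192.0.2.1
[06/Mar/2018:09:00:01 +0000] conn=7 op=0 SRCH base="dc=example,dc=com" scope=2 filter="(cn:2.5.13.2:=a)" attrs=ALL
[06/Mar/2018:09:00:05 +0000] conn=8 fd=65 slot=65 connection from 192.0.2.20 to 192.0.2.1
[06/Mar/2018:09:00:05 +0000] conn=8 op=0 BIND dn="uid=app,ou=svc,dc=example,dc=com" method=128 version=3
[06/Mar/2018:09:00:05 +0000] conn=8 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(sn:dn:2.5.13.3:=smith)" attrs="cn"
[06/Mar/2018:09:00:09 +0000] conn=9 fd=66 slot=66 connection from 192.0.2.30 to 192.0.2.1
[06/Mar/2018:09:00:09 +0000] conn=9 op=0 BIND dn="" method=128 version=3
[06/Mar/2018:09:00:09 +0000] conn=9 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(description=a:=b)" attrs=ALL
[06/Mar/2018:09:00:09 +0000] conn=9 op=2 SRCH base="dc=example,dc=com" scope=2 filter="(&(objectClass=person)(cn:caseIgnoreMatch:=x))" attrs=ALL
"""

CONN = re.compile(r"conn=(\d+) ")
PEER = re.compile(r"connection from (\S+) to ")
BIND = re.compile(r' BIND dn="([^"]*)"')
SRCH = re.compile(r' SRCH .*?filter="(.*?)"(?= attrs=|\s*$)')
# Extensible match: the text between "(" and the first "=" ends in ":".
# A ":=" that only appears inside a value, as in (description=a:=b), does not match.
EXTENSIBLE = re.compile(r"\([^()=]*:=")


def find_extensible_searches(log_text):
    """Return one record per SRCH whose filter contains an extensible-match item."""
    peers, bound, hits = {}, {}, []
    for line in log_text.splitlines():
        conn_match = CONN.search(line)
        if not conn_match:
            continue
        conn = conn_match.group(1)
        if (peer := PEER.search(line)):
            peers[conn], bound[conn] = peer.group(1), ""  # new connection: no identity yet
        elif (bind := BIND.search(line)):
            # The DN is taken from the request line; failed binds are not distinguished here.
            bound[conn] = bind.group(1)
        elif (srch := SRCH.search(line)) and EXTENSIBLE.search(srch.group(1)):
            hits.append({"conn": conn, "peer": peers.get(conn, "?"),
                         "anonymous": not bound.get(conn), "filter": srch.group(1)})
    return hits


if __name__ == "__main__":
    for hit in find_extensible_searches(SAMPLE_LOG):
        print(hit)
```

Records with "anonymous" set to True are the ones that match the unauthenticated case described in the advisory and are worth correlating with server restarts or crash reports.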
