Date: Tue, 6 Mar 2018 09:26:00 +0530 From: Dhiru Kholia <dkholia@...hat.com> To: oss-security@...ts.openwall.com Cc: Salvatore Bonaccorso <carnil@...ian.org> Subject: Remote DoS flaw in 389-ds-base Hi, Here is a notification about a remote DoS flaw in the 389-ds-base package (389 Directory Server). NOTE: This notification was sent to "distros" mailing list on 02-March-2018. https://bugzilla.redhat.com/show_bug.cgi?id=1537314 has some more information about this flaw, including a patch. CVE-2018-1054 ------------- 389-ds-base: remote Denial of Service (DoS) via search filters in SetUnicodeStringFromUTF_8 in collate.c A flaw was found in 389 Directory Server that affects all versions. An improper handling of the search feature with an extended filter, when read access on <attribute_name> is enabled, in SetUnicodeStringFromUTF_8 function in collate.c, can lead to out-of-bounds memory operations. This may allow a remote unauthenticated attacker to trigger a server crash, thus resulting in denial of service. CVSSv3: 7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Thanks, Dhiru
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.