oss-sec mailing list archives
Remote DoS flaw in 389-ds-base
From: Dhiru Kholia <dkholia () redhat com>
Date: Tue, 6 Mar 2018 09:26:00 +0530
Hi,

Here is a notification about a remote DoS flaw in the 389-ds-base package (389 Directory Server).

NOTE: This notification was sent to "distros" mailing list on 02-March-2018.

https://bugzilla.redhat.com/show_bug.cgi?id=1537314 has some more information about this flaw, including a patch.

CVE-2018-1054
-------------

389-ds-base: remote Denial of Service (DoS) via search filters in SetUnicodeStringFromUTF_8 in collate.c

A flaw was found in 389 Directory Server that affects all versions. An improper handling of the search feature with an extended filter, when read access on <attribute_name> is enabled, in SetUnicodeStringFromUTF_8 function in collate.c, can lead to out-of-bounds memory operations. This may allow a remote unauthenticated attacker to trigger a server crash, thus resulting in denial of service.

CVSSv3: 7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Thanks,
Dhiru