CVE-2018-1089

Sažetak

389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.

Reference

http://www.securityfocus.com/bid/104137
https://access.redhat.com/errata/RHSA-2018:1364
https://access.redhat.com/errata/RHSA-2018:1380
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1089
https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Zadnje važnije ažuriranje

09-10-2019 - 23:38

Objavljeno

09-05-2018 - 15:29