|
|
|||
| Rule General Information |
|---|
| Release Date: | 2018-09-25 | |
| Rule Name: | Red Hat 389 Directory Server ns-slapd ldapsearch Buffer Overflow Vulnerability(CVE-2018-1089) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | 389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. | |
| Impact: | A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service. | |
| Affected OS: | Network Device, Solaris, FreeBSD, Windows, Mac OS, iOS, Other Unix, Linux, Others, Android | |
| Reference: | SecurityFocusBID:104137 https://access.redhat.com/errata/RHSA-2018:1380 https://access.redhat.com/errata/RHSA-2018:1364 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1089 https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html |
|
| Solutions |
|---|
| Upgrading to version 1.3.6.15, 1.3.8.1 or 1.4.0.9 eliminates this vulnerability. |