|
|||
Rule General Information |
---|
Release Date: | 2018-09-25 | |
Rule Name: | Red Hat 389 Directory Server ns-slapd ldapsearch Buffer Overflow Vulnerability(CVE-2018-1089) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | 389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. | |
Impact: | A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service. | |
Affected OS: | Network Device, Solaris, FreeBSD, Windows, Mac OS, iOS, Other Unix, Linux, Others, Android | |
Reference: | SecurityFocusBID:104137 https://access.redhat.com/errata/RHSA-2018:1380 https://access.redhat.com/errata/RHSA-2018:1364 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1089 https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html |
|
Solutions |
---|
Upgrading to version 1.3.6.15, 1.3.8.1 or 1.4.0.9 eliminates this vulnerability. |