Message-ID: <26b869b9-5aad-d234-de78-67ea3a43e7a9@redhat.com>
Date: Tue, 6 Mar 2018 09:26:00 +0530
From: Dhiru Kholia <dkholia@...hat.com>
To: oss-security@...ts.openwall.com
Cc: Salvatore Bonaccorso <carnil@...ian.org>
Subject: Remote DoS flaw in 389-ds-base

Hi,

Here is a notification about a remote DoS flaw in the 389-ds-base package
(389 Directory Server).

NOTE: This notification was sent to "distros" mailing list on 02-March-2018.

https://bugzilla.redhat.com/show_bug.cgi?id=1537314 has some more
information about this flaw, including a patch.

CVE-2018-1054
-------------

389-ds-base: remote Denial of Service (DoS) via search filters in
SetUnicodeStringFromUTF_8 in collate.c

A flaw was found in 389 Directory Server that affects all versions. An
improper handling of the search feature with an extended filter, when read
access on <attribute_name> is enabled, in SetUnicodeStringFromUTF_8 function
in collate.c, can lead to out-of-bounds memory operations. This may allow a
remote unauthenticated attacker to trigger a server crash, thus resulting in
denial of service.

CVSSv3: 7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Thanks,
Dhiru