oval:org.secpod.oval:def:1600841
Remote DoS via search filters in slapi_filter_sprintf in slapd/util.c: A stack buffer overflow flaw was found in the way 389-ds-base handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus ...

oval:org.secpod.oval:def:1600895
It was found that 389-ds-base did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of ...

oval:org.secpod.oval:def:501207
389-ds-base is installed

oval:org.secpod.oval:def:1600953
It was found that a specially crafted search query could lead to excessive CPU consumption in the do_search function. An unauthenticated attacker could use this flaw to provoke a denial of service.

oval:org.secpod.oval:def:106121
389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration.

oval:org.secpod.oval:def:501767
The 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. An infinite-loop vulnerability was discovered in the 389 directory server, where the server failed to cor ...

oval:org.secpod.oval:def:1600329
An infinite-loop vulnerability was discovered in the 389 directory server, where the server failed to correctly handle unexpectedly closed client connections. A remote attacker able to connect to the server could use this flaw to make the directory server consume an excessive amount of CPU and stop ...

oval:org.secpod.oval:def:1501340
An infinite-loop vulnerability was discovered in the 389 directory server, where the server failed to correctly handle unexpectedly closed client connections. A remote attacker able to connect to the server could use this flaw to make the directory server consume an excessive amount of CPU and stop ...

oval:org.secpod.oval:def:105930
389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration.

oval:org.secpod.oval:def:110270
389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration.

oval:org.secpod.oval:def:110275
389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration.

oval:org.secpod.oval:def:1500215
Updated 389-ds-base packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is avail ...

oval:org.secpod.oval:def:1500218
Updated 389-ds-base packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity ra ...

oval:org.secpod.oval:def:1500062
Updated 389-ds-base packages that fix one security issue, numerous bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which giv ...

oval:org.secpod.oval:def:204826
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * 389-ds-base: ns-slapd crash via large filter value in ldapsearch For more details about the ...

oval:org.secpod.oval:def:1500117
Updated 389-ds-base packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rat ...

oval:org.secpod.oval:def:203843
The 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. An infinite-loop vulnerability was discovered in the 389 directory server, where the server failed to cor ...

oval:org.secpod.oval:def:1600236
It was found that the 389 Directory Server did not properly restrict access to entries when the "nsslapd-allow-anonymous-access" configuration setting was set to "rootdse". An anonymous user could connect to the LDAP database and, if the search scope is set to BASE, obtain access to information outs ...

oval:org.secpod.oval:def:1600262
It was discovered that the 389 Directory Server did not properly handle certain Get Effective Rights search queries when the attribute list, which is a part of the query, included several names using the "@" character. An attacker able to submit search queries to the 389 Directory Server could caus ...

oval:org.secpod.oval:def:204476
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests ...

oval:org.secpod.oval:def:1500148
Updated 389-ds-base packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity ratin ...

oval:org.secpod.oval:def:204744
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * A stack buffer overflow flaw was found in the way 389-ds-base handled certain LDAP search fil ...

oval:org.secpod.oval:def:1500313
Updated 389-ds-base packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is avail ...

oval:org.secpod.oval:def:121560
389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration.

oval:org.secpod.oval:def:1600939
A vulnerability was discovered in 389-ds-base. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency. An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash. A race condition was found in the way 38 ...

oval:org.secpod.oval:def:204879
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * 389-ds-base: race condition on reference counter leads to DoS using persistent search * 389- ...

oval:org.secpod.oval:def:1600866
Authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c: It was found that 389-ds-base did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass ...

oval:org.secpod.oval:def:204759
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * 389-ds-base: remote Denial of Service via search filters in SetUnicodeStringFromUTF_8 in col ...

oval:org.secpod.oval:def:205732
Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

oval:org.secpod.oval:def:1200058
A flaw was found in the authorization of modrdn operations. An unauthenticated attacker able to issue an ldapmodrdn call to the directory server could use this flaw to perform unauthorized modifications of entries in the directory server.

oval:org.secpod.oval:def:1501002
A flaw was found in the way Red Hat Directory Server performed authorization of modrdn operations. An unauthenticated attacker able to issue an ldapmodrdn call to the directory server could use this flaw to perform unauthorized modifications of entries in the directory server.

oval:org.secpod.oval:def:204648
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * A flaw was found in the way 389-ds-base handled authentication attempts against locked accoun ...

oval:org.secpod.oval:def:1200125
It was reported that the nsSSL3Ciphers preference is not enforced server side, which allows for a potential downgrade attack to take place.

oval:org.secpod.oval:def:109586
389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration.

oval:org.secpod.oval:def:1200090
An information disclosure flaw was found in the way the 389 Directory Server stored information in the Changelog that is exposed via the "cn=changelog" LDAP sub-tree. An unauthenticated user could in certain cases use this flaw to read data from the Changelog, which could include sensitive informati ...

oval:org.secpod.oval:def:1500921
The advisory is missing the security advisory description. For more information, please visit the reference link.

oval:org.secpod.oval:def:1500926
Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.

oval:org.secpod.oval:def:204244
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. An information disclosure flaw was found in the way the 389 Directory Server stored information in the Changelog t ...

oval:org.secpod.oval:def:501508
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. An information disclosure flaw was found in the way the 389 Directory Server stored information in the Changelog t ...

oval:org.secpod.oval:def:501513
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. An information disclosure flaw was found in the way the 389 Directory Server stored information in the Changelog t ...

oval:org.secpod.oval:def:1500681
Updated 389-ds-base packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ...

oval:org.secpod.oval:def:1600193
It was found that when replication was enabled for each attribute in 389 Directory Server, which is the default configuration, the server returned replicated metadata when the directory was searched while debugging was enabled. A remote attacker could use this flaw to disclose potentially sensitive ...

oval:org.secpod.oval:def:203392
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was found that when replication was enabled for each attribute in 389 Directory Server, which is the default co ...

oval:org.secpod.oval:def:1500673
It was found that when replication was enabled for each attribute in 389 Directory Server, which is the default configuration, the server returned replicated metadata when the directory was searched while debugging was enabled. A remote attacker could use this flaw to disclose potentially sensitive ...

oval:org.secpod.oval:def:1600044
It was discovered that the 389 Directory Server did not properly handle certain SASL-based authentication mechanisms. A user able to authenticate to the directory using these SASL mechanisms could connect as any other directory user, including the administrative Directory Manager account. This could ...

oval:org.secpod.oval:def:1500399
Updated 389-ds-base packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is avail ...

oval:org.secpod.oval:def:111582
389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration.

oval:org.secpod.oval:def:506295
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * 389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed For more d ...

oval:org.secpod.oval:def:503457
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * 389-ds-base: Read permission check bypass via the deref plugin For more details about the se ...

oval:org.secpod.oval:def:503425
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. The following packages have been upgraded to a later upstream version: 389-ds-base . Security Fix: * 389-ds- ...

oval:org.secpod.oval:def:66465
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. The following packages have been upgraded to a later upstream version: 389-ds-base . Security Fix: * 389-ds- ...

oval:org.secpod.oval:def:507235
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * 389-ds-base: SIGSEGV in sync_repl For more details about the security issue, including the i ...

oval:org.secpod.oval:def:507239
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * 389-ds-base: SIGSEGV in sync_repl For more details about the security issue, including the i ...

oval:org.secpod.oval:def:502364
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * 389-ds-base: race condition on reference counter leads to DoS using persistent search * 389- ...

oval:org.secpod.oval:def:1700085
A vulnerability was discovered in 389-ds-base. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency. An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash. A race condition was found in the way 38 ...

oval:org.secpod.oval:def:1502319
The advisory is missing the security advisory description. For more information, please visit the reference link.

oval:org.secpod.oval:def:1700293
A flaw was found in the "deref" plugin of 389-ds-base where it could use the "search" permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.

oval:org.secpod.oval:def:500832
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. A flaw was found in the way the 389 Directory Server daemon handled access control instructions using certificat ...

oval:org.secpod.oval:def:1503836
Updated 389-ds-base packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System base score, which give ...

oval:org.secpod.oval:def:202384
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. A flaw was found in the way 389 Directory Server handled password changes. If an LDAP user has changed their passw ...

oval:org.secpod.oval:def:202376
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. A flaw was found in the way the 389 Directory Server daemon handled access control instructions using certificat ...

oval:org.secpod.oval:def:1503666
Updated 389-ds-base packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availab ...

oval:org.secpod.oval:def:500828
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. A flaw was found in the way 389 Directory Server handled password changes. If an LDAP user has changed their passw ...

oval:org.secpod.oval:def:501080
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was discovered that the 389 Directory Server did not honor defined attribute access controls when evaluating se ...

oval:org.secpod.oval:def:1600326
ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service via a crafted Distinguished Name in a MOD operation request. 389 Directory Server does not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive ...

oval:org.secpod.oval:def:501361
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was found that when replication was enabled for each attribute in 389 Directory Server, which is the default co ...

oval:org.secpod.oval:def:501094
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was discovered that the 389 Directory Server did not properly handle the receipt of certain MOD operations with ...

oval:org.secpod.oval:def:202665
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was found that the 389 Directory Server did not properly restrict access to entries when the "nsslapd-allo ...

oval:org.secpod.oval:def:107380
389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration.

oval:org.secpod.oval:def:501020
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. A flaw was found in the way LDAPv3 control data was handled by 389 Directory Server. If a malicious user were able ...

oval:org.secpod.oval:def:202922
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was discovered that the 389 Directory Server did not properly handle the receipt of certain MOD operations with ...

oval:org.secpod.oval:def:203219
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was discovered that the 389 Directory Server did not properly handle certain SASL-based authentication mechanis ...

oval:org.secpod.oval:def:106543
389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration.

oval:org.secpod.oval:def:501206
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was discovered that the 389 Directory Server did not properly handle certain SASL-based authentication mechanis ...

oval:org.secpod.oval:def:202636
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. A flaw was found in the way LDAPv3 control data was handled by 389 Directory Server. If a malicious user were able ...

oval:org.secpod.oval:def:202634
The 389-ds-base packages provide 389 Directory Server, which is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. A flaw was found in the way 389 Directory Server enforced ACLs after performin ...

oval:org.secpod.oval:def:202916
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was discovered that the 389 Directory Server did not honor defined attribute access controls when evaluating se ...

oval:org.secpod.oval:def:203394
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was found that when replication was enabled for each attribute in 389 Directory Server, which is the default co ...

oval:org.secpod.oval:def:106550
389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration.

oval:org.secpod.oval:def:204471
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A ...

oval:org.secpod.oval:def:204797
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * 389-ds-base: ns-slapd crash via large filter value in ldapsearch For more details about the ...

oval:org.secpod.oval:def:500980
The 389-ds-base packages provide 389 Directory Server, which is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. A flaw was found in the way 389 Directory Server enforced ACLs after performin ...

oval:org.secpod.oval:def:204768
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * 389-ds-base: remote Denial of Service via search filters in SetUnicodeStringFromUTF_8 in col ...

oval:org.secpod.oval:def:501142
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was discovered that the 389 Directory Server did not properly handle certain Get Effective Rights search queri ...

oval:org.secpod.oval:def:2500558
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration.

oval:org.secpod.oval:def:87161
[2.1.3-4] - Bump version to 2.1.3-4 - Resolves: Bug 1872451 - Fix regression with dscreate template [2.1.3-3] - Bump version to 2.1.3-3 - Resolves: Bug 2118765 [2.1.3-2] - Bump version to 2.1.3-2 - Resolves: Bug 2118765 - SIGSEGV in sync_repl [2.1.3-1] - Bump version to 2.1.3-1 - Resolves: Bug 20618 ...

oval:org.secpod.oval:def:5800095
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. The following packages have been upgraded to a later upstream version: 389-ds-base . Security Fix: * 389-ds- ...

oval:org.secpod.oval:def:1701089
A flaw was found in 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service.

oval:org.secpod.oval:def:507389
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. The following packages have been upgraded to a later upstream version: 389-ds-base . Security Fix: * 389-ds- ...

oval:org.secpod.oval:def:2500722
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration.

oval:org.secpod.oval:def:2500829
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration.

oval:org.secpod.oval:def:2600074
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration.

oval:org.secpod.oval:def:1505835
[1.3.10.2-16] - Bump version to 1.3.10.2-16 - Resolves: Bug 2077395 - CVE-2022-0918 389-ds:1.4/389-ds-base: sending crafted message could result in DoS - Resolves: Bug 2014768 - Log the Auto Member invalid regex rules in the LDAP errors log - Resolves: Bug 2018153 - RFE - Provide an option to abort ...

oval:org.secpod.oval:def:501927
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. The following packages have been upgraded to a newer upstream version: 389-ds-base . Security Fix: * It was ...

oval:org.secpod.oval:def:204044
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * It was found that 389 Directory Server was vulnerable to a flaw in which the default ACI cou ...

oval:org.secpod.oval:def:501935
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * It was found that 389 Directory Server was vulnerable to a flaw in which the default ACI cou ...

oval:org.secpod.oval:def:1501668
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * It was found that 389 Directory Server was vulnerable to a flaw in which the default ACI cou ...

oval:org.secpod.oval:def:204146
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. The following packages have been upgraded to a newer upstream version: 389-ds-base . Security Fix: * It was ...

oval:org.secpod.oval:def:1600485
CVE-2016-5405 389-ds-base: Password verification vulnerable to timing attack It was found that 389 Directory Server was vulnerable to a remote password disclosure via timing attack. A remote attacker could possibly use this flaw to retrieve directory server password after many tries. CVE-2016-5416 38 ...

oval:org.secpod.oval:def:111288
389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration.

oval:org.secpod.oval:def:1501635
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. The following packages have been upgraded to a newer upstream version: 389-ds-base . Security Fix: * It was ...

oval:org.secpod.oval:def:205864
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * 389-ds-base: information disclosure during the binding of a DN For more details about the se ...

oval:org.secpod.oval:def:1504963
[1.3.10.2-12] - Bump version to 1.3.10.2-12 [1.3.10.2-11] - Bump version to 1.3.10.2-11 - Resolves: Bug 1953673 - Add new access log keywords for time spent in work queue and actual operation time - Resolves: Bug 1931182 - information disclosure during the binding of a DN

oval:org.secpod.oval:def:73719
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * 389-ds-base: sync_repl NULL pointer dereference in sync_create_state_control For more detail ...

oval:org.secpod.oval:def:2500239
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration.

oval:org.secpod.oval:def:4500093
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other rel ...

oval:org.secpod.oval:def:4501369
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * 389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed For more d ...

oval:org.secpod.oval:def:1505054
[1.4.3.16-19] - Bump version to 1.4.3.16-19 - Resolve: Bug 1984091 - persistent search returns entries even when an error is returned by content-sync-plugin [1.4.3.16-18] - Bump version to 1.4.3.16-18 - Resolve: Bug 1983121 - CRYPT password hash with asterisk allows any bind attempt to succeed [1.4. ...

oval:org.secpod.oval:def:2500358
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration.

oval:org.secpod.oval:def:205901
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * 389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed For more d ...

oval:org.secpod.oval:def:1700765
A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was disab ...

oval:org.secpod.oval:def:502291
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * 389-ds-base: ns-slapd crash via large filter value in ldapsearch For more details about the ...

oval:org.secpod.oval:def:1700049
It was found that 389-ds-base did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of ...

oval:org.secpod.oval:def:503209
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * 389-ds-base: DoS via hanging secured connections For more details about the security issue, ...

oval:org.secpod.oval:def:1700095
It was found that a specially crafted search query could lead to excessive CPU consumption in the do_search function. An unauthenticated attacker could use this flaw to provoke a denial of service.

oval:org.secpod.oval:def:1505307
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502208
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502209
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:502288
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * 389-ds-base: ns-slapd crash via large filter value in ldapsearch For more details about the ...

oval:org.secpod.oval:def:125951
389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration.

oval:org.secpod.oval:def:501040
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was found that the 389 Directory Server did not properly restrict access to entries when the "nsslapd-allo ...

oval:org.secpod.oval:def:502238
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * 389-ds-base: remote Denial of Service via search filters in SetUnicodeStringFromUTF_8 in col ...

oval:org.secpod.oval:def:502249
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * 389-ds-base: remote Denial of Service via search filters in SetUnicodeStringFromUTF_8 in col ...

oval:org.secpod.oval:def:1700016
Authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c: It was found that 389-ds-base did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass ...

oval:org.secpod.oval:def:1502142
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502158
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501828
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501831
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1600695
Remote crash via crafted LDAP messages: An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service.

oval:org.secpod.oval:def:502016
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind reques ...

oval:org.secpod.oval:def:502015
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind reques ...

oval:org.secpod.oval:def:502227
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * A stack buffer overflow flaw was found in the way 389-ds-base handled certain LDAP search fil ...

oval:org.secpod.oval:def:1700008
Remote DoS via search filters in slapi_filter_sprintf in slapd/util.c: A stack buffer overflow flaw was found in the way 389-ds-base handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus ...

oval:org.secpod.oval:def:1501961
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:502133
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * A flaw was found in the way 389-ds-base handled authentication attempts against locked accoun ...

oval:org.secpod.oval:def:1600777
Password brute-force possible for locked account due to different return codes: A flaw was found in the way 389-ds-base handled authentication attempts against locked accounts. A remote attacker could potentially use this flaw to continue password brute-forcing attacks against LDAP accounts, thereby ...

oval:org.secpod.oval:def:503201
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * 389-ds-base: DoS via hanging secured connections For more details about the security issue, ...

CVE    4
CVE-2010-3282
CVE-2019-10224
CVE-2019-10171
CVE-2019-3883
...
*CPE
cpe:/a:fedoraproject:389_directory_server

© SecPod Technologies