ALAS-2018-980 ---- 389-ds-base
ID: oval:org.secpod.oval:def:1600866 | Date: (C)2018-04-06 (M)2023-02-20 |
Class: PATCH | Family: unix |
Authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c: It was found that 389-ds-base did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances.

Remote Denial of Service via search filters in SetUnicodeStringFromUTF_8 in collate.c: An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.
Platform: Amazon Linux AMI |