Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS2-2018-1094
HistoryOct 24, 2018 - 4:34 p.m.

Medium: 389-ds-base

2018-10-2416:34:00
alas.aws.amazon.com
16

6.8 Medium

AI Score

Confidence

High

0.025 Low

EPSS

Percentile

90.0%

JSON

Issue Overview:

A vulnerability was discovered in 389-ds-base. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash.(CVE-2018-14624)

A race condition was found in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.(CVE-2018-10850)

A double-free of a password policy structure was found in the way slapd was handling certain errors during persistent search. A unauthenticated attacker could use this flaw to crash Directory Server.(CVE-2018-14638)

A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort.(CVE-2018-10935)

Affected Packages:

389-ds-base

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update 389-ds-base to update your system.

New Packages:

i686:  
    389-ds-base-1.3.7.5-28.amzn2.0.1.i686  
    389-ds-base-libs-1.3.7.5-28.amzn2.0.1.i686  
    389-ds-base-devel-1.3.7.5-28.amzn2.0.1.i686  
    389-ds-base-snmp-1.3.7.5-28.amzn2.0.1.i686  
    389-ds-base-debuginfo-1.3.7.5-28.amzn2.0.1.i686  
  
src:  
    389-ds-base-1.3.7.5-28.amzn2.0.1.src  
  
x86_64:  
    389-ds-base-1.3.7.5-28.amzn2.0.1.x86_64  
    389-ds-base-libs-1.3.7.5-28.amzn2.0.1.x86_64  
    389-ds-base-devel-1.3.7.5-28.amzn2.0.1.x86_64  
    389-ds-base-snmp-1.3.7.5-28.amzn2.0.1.x86_64  
    389-ds-base-debuginfo-1.3.7.5-28.amzn2.0.1.x86_64

Additional References

Red Hat: CVE-2018-10850, CVE-2018-10935, CVE-2018-14624, CVE-2018-14638

Mitre: CVE-2018-10850, CVE-2018-10935, CVE-2018-14624, CVE-2018-14638

OSVersionArchitecturePackageVersionFilename
Amazon Linux2i686389-ds-base< 1.3.7.5-28.amzn2.0.1389-ds-base-1.3.7.5-28.amzn2.0.1.i686.rpm
Amazon Linux2i686389-ds-base-libs< 1.3.7.5-28.amzn2.0.1389-ds-base-libs-1.3.7.5-28.amzn2.0.1.i686.rpm
Amazon Linux2i686389-ds-base-devel< 1.3.7.5-28.amzn2.0.1389-ds-base-devel-1.3.7.5-28.amzn2.0.1.i686.rpm
Amazon Linux2i686389-ds-base-snmp< 1.3.7.5-28.amzn2.0.1389-ds-base-snmp-1.3.7.5-28.amzn2.0.1.i686.rpm
Amazon Linux2i686389-ds-base-debuginfo< 1.3.7.5-28.amzn2.0.1389-ds-base-debuginfo-1.3.7.5-28.amzn2.0.1.i686.rpm
Amazon Linux2x86_64389-ds-base< 1.3.7.5-28.amzn2.0.1389-ds-base-1.3.7.5-28.amzn2.0.1.x86_64.rpm
Amazon Linux2x86_64389-ds-base-libs< 1.3.7.5-28.amzn2.0.1389-ds-base-libs-1.3.7.5-28.amzn2.0.1.x86_64.rpm
Amazon Linux2x86_64389-ds-base-devel< 1.3.7.5-28.amzn2.0.1389-ds-base-devel-1.3.7.5-28.amzn2.0.1.x86_64.rpm
Amazon Linux2x86_64389-ds-base-snmp< 1.3.7.5-28.amzn2.0.1389-ds-base-snmp-1.3.7.5-28.amzn2.0.1.x86_64.rpm
Amazon Linux2x86_64389-ds-base-debuginfo< 1.3.7.5-28.amzn2.0.1389-ds-base-debuginfo-1.3.7.5-28.amzn2.0.1.x86_64.rpm

Related

nessus 17
openvas 11
redhat 1
oraclelinux 1
amazon 1
centos 1
mageia 1
cvelist 4
veracode 4
cve 4
debiancve 4
prion 4
redhatcve 4
ubuntucve 4
checkpoint_advisories 2
nessus
nessus
EulerOS 2.0 SP3 : 389-ds-base (EulerOS-SA-2018-1365)
2018-11-07 00:00:00
RHEL 7 : 389-ds-base (RHSA-2018:2757)
2018-09-27 00:00:00
Amazon Linux AMI : 389-ds-base (ALAS-2018-1094)
2018-10-25 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for 389-ds-base (EulerOS-SA-2018-1365)
2020-01-23 00:00:00
CentOS Update for 389-ds-base CESA-2018:2757 centos7
2018-10-03 00:00:00
Mageia: Security Advisory (MGASA-2018-0404)
2022-01-28 00:00:00
redhat
redhat
(RHSA-2018:2757) Moderate: 389-ds-base security and bug fix update
2018-09-25 17:29:10
oraclelinux
oraclelinux
389-ds-base security and bug fix update
2018-09-25 00:00:00
amazon
amazon
Medium: 389-ds-base
2018-10-23 18:40:00
centos
centos
389 security update
2018-09-28 16:44:30
mageia
mageia
Updated 389-ds-base packages fix security vulnerabilities
2018-10-19 21:00:37
cvelist
cvelist
CVE-2018-14638
2018-09-14 19:00:00
CVE-2018-10850
2018-06-13 20:00:00
CVE-2018-10935
2018-09-11 15:00:00
veracode
veracode
Denial Of Service
2019-05-16 03:36:30
Denial Of Service
2019-05-16 03:36:27
Denial Of Service (DoS)
2019-01-15 09:25:36
cve
cve
CVE-2018-14638
2018-09-14 19:29:00
CVE-2018-10850
2018-06-13 20:29:00
CVE-2018-10935
2018-09-11 15:29:00
debiancve
debiancve
CVE-2018-14638
2018-09-14 19:29:00
CVE-2018-10935
2018-09-11 15:29:00
CVE-2018-10850
2018-06-13 20:29:00
prion
prion
Denial of service
2018-09-14 19:29:00
Design/Logic Flaw
2018-09-11 15:29:00
Race condition
2018-06-13 20:29:00
redhatcve
redhatcve
CVE-2018-14638
2018-09-14 18:19:34
CVE-2018-10935
2018-08-21 18:49:00
CVE-2018-10850
2018-06-06 20:19:03
ubuntucve
ubuntucve
CVE-2018-14638
2018-09-14 00:00:00
CVE-2018-10850
2018-06-13 00:00:00
CVE-2018-10935
2018-09-11 00:00:00
checkpoint_advisories
checkpoint_advisories
Red Hat 389 Directory Server Denial of Service (CVE-2018-10935)
2019-01-06 00:00:00
Red Hat 389 Directory Server vslapd_log_emergency_error Denial of Service (CVE-2018-14624)
2019-01-14 00:00:00

6.8 Medium

AI Score

Confidence

High

0.025 Low

EPSS

Percentile

90.0%

JSON
Related for ALAS2-2018-1094
nessus17openvas11redhat1oraclelinux1amazon1centos1mageia1cvelist4veracode4cve4debiancve4prion4redhatcve4ubuntucve4checkpoint_advisories2