Lucene search

K
mageiaGentoo FoundationMGASA-2018-0245
HistoryMay 16, 2018 - 11:24 a.m.

Updated 389-ds-base packages fix security vulnerability

2018-05-1611:24:56
Gentoo Foundation
advisories.mageia.org
13

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.037 Low

EPSS

Percentile

91.8%

389-ds-base did not properly handle characters needed to be escaped in its query filter. This could result in buffer overflows, from the heap or the stack, on larger filters. An unauthenticated attacker could send a specially crafted LDAP request and crash the server (CVE-2018-1089).

OSVersionArchitecturePackageVersionFilename
Mageia6noarch389-ds-base< 1.3.5.17-1.5389-ds-base-1.3.5.17-1.5.mga6

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.037 Low

EPSS

Percentile

91.8%