4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
5.2 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
0.007 Low
EPSS
Percentile
80.1%
Garming Sam reported an out-of-bounds read in the ldb_wildcard_compare() function of ldb, resulting in denial of service (CVE-2019-3824). The ldb package has been updated to version 1.2.4 to fix this issue. The sssd and samba packages have been rebuilt against the updated ldb. If a user was configured with no home directory set, sssd would return ‘/’ (the root directory) instead of ‘’ (the empty string / no home directory). This could impact services that restrict the user’s filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable. (CVE-2019-3811)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 6 | noarch | ldb | < 1.2.4-1 | ldb-1.2.4-1.mga6 |
Mageia | 6 | noarch | samba | < 4.7.12-1.2 | samba-4.7.12-1.2.mga6 |
Mageia | 6 | noarch | sssd | < 1.13.4-9.5 | sssd-1.13.4-9.5.mga6 |
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
5.2 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
0.007 Low
EPSS
Percentile
80.1%