10 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-2591
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniquenessentrytoconfig function in the attribute uniqueness plugin...
Mageia: Security Advisory (MGASA-2017-0028)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2017-2591
389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniquenessentrytoconfig function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap...
CVE-2017-2591
389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniquenessentrytoconfig function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap...
DEBIAN-CVE-2017-2591
389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniquenessentrytoconfig function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap...
CVE-2017-2591
CVE-2017-2591 affects 389-ds-base prior to 1.3.6. The vulnerability arises from an improperly NULL terminated array in the uniqueness_entry_to_config() function of the attribute uniqueness plugin, enabling an attacker (authenticated or possibly unauthenticated) to trigger an out-of-bounds heap re...
openSUSE Security Update : 389-ds (openSUSE-2017-1396)
This update for 389-ds fixes the following issues : - CVE-2017-7551: 389-ds-base: Password brute-force possible for locked account due to different return codes bsc1051997 - CVE-2016-4992: 389-ds: Information disclosure via repeated use of LDAP ADD operation bsc997256 - CVE-2016-5405: 389-ds:...
MGASA-2017-0028 Updated 389-ds-base packages fix security vulnerability
The "attribute uniqueness" plugin did not properly NULL-terminate an array when building up its configuration if a so called 'old-style' configuration was being used. An attacker, authenticated, but possibly also unauthenticated, could possibly force the plugin to read beyond allocated memory and...
Updated 389-ds-base packages fix security vulnerability
The "attribute uniqueness" plugin did not properly NULL-terminate an array when building up its configuration if a so called 'old-style' configuration was being used. An attacker, authenticated, but possibly also unauthenticated, could possibly force the plugin to read beyond allocated memory and...
CVE-2017-2591
It was found that the uniquenessentrytoconfig function, used by the "attribute uniqueness" plugin of 389 Directory Server, did not properly NULL terminate an array used in some configuration. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap...