
80 matches found

RedhatCVE
added 2024/09/05 12:41 a.m. | 22 views

CVE-2024-8445

The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying userPassword using malformed input. Mitigation: Mitigation for this issue is either not available or the currently available...

CVSS 5.7 | AI score 6.4 | EPSS 0.00533
Exploits 0 | References 3
OpenVAS
added 2024/09/04 12:0 a.m. | 18 views

openSUSE: Security Advisory for 389 (SUSE-SU-2024:3082-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7 | EPSS 0.01246
Exploits 0 | References 2
Tenable Nessus
added 2024/09/03 12:0 a.m. | 21 views

SUSE SLES15 / openSUSE 15 Security Update : 389-ds (SUSE-SU-2024:3082-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3082-1 advisory. Security issues fixed: - CVE-2024-3657: Fixed potential denial of service via specially crafted kerberos AS-REQ reque...

CVSS 7.5 | AI score 6.6 | EPSS 0.01246
Exploits 0 | References 11
Packet Storm
added 2024/08/31 12:0 a.m. | 399 views

LDAP Information Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LDAP Information Disclosure', 'Description' = %q This module uses an anonymous-bind LDAP connection to dump data from an LDAP server. Searching f...

CVSS 9.8 | AI score 9.6 | EPSS 0.90384
Exploits 20
OSV
added 2024/08/21 2:53 p.m. | 30 views

RLSA-2024:5192 Moderate: 389-ds-base security update

389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server and command-line utilities for server administration. Security Fixes: 389-ds-base: Malformed userPassword hash may cause Denial of Service CVE-2024-59...

CVSS 6.5 | AI score 6.5 | EPSS 0.00923
Exploits 0 | References 3
Tenable Nessus
added 2024/08/15 12:0 a.m. | 32 views

SUSE SLES15 Security Update : 389-ds (SUSE-SU-2024:2910-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2910-1 advisory. Security issues fixed: - CVE-2024-3657: Fixed potential denial of service via specially crafted kerberos AS-REQ request bsc1225512 ...

CVSS 7.5 | AI score 6.6 | EPSS 0.01246
Exploits 0 | References 11
Oracle linux
added 2024/08/11 12:0 a.m. | 28 views

389-ds-base security update

2.4.5-9 - Bump version to 2.4.5-9 - Resolves: RHEL-44323 - unauthenticated user can trigger a DoS by sending a specific extended search request - Resolves: RHEL-40945 - Malformed userPassword hash may cause Denial of Service - Resolves: RHEL-49457 - perf search result investigation for many large...

CVSS 6.5 | AI score 7.4 | EPSS 0.00923
Exploits 0
Redos
added 2024/08/06 12:0 a.m. | 13 views

ROS-20240806-18

A vulnerability in the 389 Directory Server is related to the ability of an authenticated user to cause a server crash by changing the userPassword using incorrect input. Exploitation of the vulnerability could allow an...

CVSS 5.7 | AI score 6.5 | EPSS 0.00533
Exploits 0
Tenable Nessus
added 2024/07/18 12:0 a.m. | 24 views

RHEL 9 : 389-ds-base (RHSA-2024:4633)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4633 advisory. 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP...

CVSS 7.5 | AI score 6.7 | EPSS 0.01246
Exploits 0 | References 10
OSV
added 2024/07/15 12:17 p.m. | 22 views

RLSA-2024:4235 Important: 389-ds security update

389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server and command-line utilities for server administration. Security Fixes: 389-ds-base: potential denial of service via specially crafted kerberos AS-REQ...

CVSS 7.5 | AI score 6.8 | EPSS 0.01246
Exploits 0 | References 3
Tenable Nessus
added 2024/07/15 12:0 a.m. | 28 views

Rocky Linux 8 : 389-ds (RLSA-2024:4235)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:4235 advisory. 389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request CVE-2024-3657 389-ds-base: Malformed userPassword may cause crash...

CVSS 7.5 | AI score 6.7 | EPSS 0.01246
Exploits 0 | References 5
RedHat Linux
added 2024/07/02 8:19 a.m. | 2 views

389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c

A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying userPassword using malformed input...

CVSS 5.7 | AI score 5.7 | EPSS 0.00533
Exploits 0 | References 4
RedHat Linux
added 2024/07/02 8:2 a.m. | 2 views

389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c

A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying userPassword using malformed input...

CVSS 5.7 | AI score 5.7 | EPSS 0.00533
Exploits 0 | References 4
OSV
added 2024/07/02 12:0 a.m. | 19 views

ALSA-2024:4235 Important: 389-ds security update

389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server and command-line utilities for server administration. Security Fixes: 389-ds-base: potential denial of service via specially crafted kerberos AS-REQ...

CVSS 7.5 | AI score 6.8 | EPSS 0.01246
Exploits 0 | References 6
Tenable Nessus
added 2024/07/02 12:0 a.m. | 26 views

RHEL 8 : 389-ds (RHSA-2024:4235)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4235 advisory. 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP...

CVSS 7.5 | AI score 6.8 | EPSS 0.01246
Exploits 0 | References 7
Vulnrichment
added 2024/06/18 10:1 a.m. | 28 views

CVE-2024-5953 389-ds-base: malformed userpassword hash may cause denial of service

A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password...

CVSS 5.7 | AI score 6.8 | EPSS 0.00573
Exploits 0 | References 12
OSV
added 2024/06/14 2:0 p.m. | 26 views

RLSA-2024:3837 Important: 389-ds-base security update

389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server and command-line utilities for server administration. Security Fixes: 389-ds-base: potential denial of service via specially crafted kerberos AS-REQ...

CVSS 7.5 | AI score 6.8 | EPSS 0.01246
Exploits 0 | References 3
Tenable Nessus
added 2024/06/14 12:0 a.m. | 24 views

Rocky Linux 9 : 389-ds-base (RLSA-2024:3837)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3837 advisory. 389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request CVE-2024-3657 389-ds-base: Malformed userPassword may cause crash...

CVSS 7.5 | AI score 6.7 | EPSS 0.01246
Exploits 0 | References 5
Oracle linux
added 2024/06/12 12:0 a.m. | 24 views

389-ds-base security update

2.4.5-8 - Bump version to 2.4.5-8 - Fix License tag 2.4.5-7 - Bump version to 2.4.5-7 - Resolves: RHEL-34819 - redhat-ds:11/389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c - Resolves: RHEL-34825 - redhat-ds:11/389-ds-base: potential denial of service via speciall...

CVSS 7.5 | AI score 6.8 | EPSS 0.01246
Exploits 0
RedHat Linux
added 2024/06/11 7:53 p.m. | 1 views

389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c

A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying userPassword using malformed input...

CVSS 5.7 | AI score 5.7 | EPSS 0.00533
Exploits 0 | References 4