Astra Linux - vulnerability in 389-ds-base
A flaw was discovered in RHDS 11 and RHDS 12. While browsing entries using LDAP, the system attempts to decode the userPassword attribute instead of the userCertificate attribute, which could lead to sensitive information being leaked. An attacker with a local account where cockpit-389-ds is...
MiracleLinux 8 : 389-ds:1.4 (AXSA:2024-8541:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8541:01 advisory. 389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request CVE-2024-3657 389-ds-base: Malformed userPassword may cause...
MiracleLinux 9 : 389-ds-base-2.4.5-8.el9_4 (AXSA:2024-8282:06)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8282:06 advisory. 389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request CVE-2024-3657 389-ds-base: Malformed userPassword may cause...
EUVD-2022-25217
Malicious code in bioql PyPI...
EUVD-2024-27159
Malicious code in bioql PyPI...
TencentOS Server 2: 389-ds-base (TSSA-2024:0528)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0528 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...
OESA-2025-1145 three-eight-nine-ds-base security update
389-ds-base is an LDAPv3 compliant server which includes the LDAP server and command line utilities for server administration. Security Fixes: The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server...
Important: Red Hat Security Advisory: redhat-ds:11 security update
An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.5 E4S for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
SUSE-SU-2024:3844-1 Security update for 389-ds
This update for 389-ds fixes the following issues: - Persist extracted key path for ldapsslclientinit over repeat invocations bsc1230852 - Re-enable use of .dsrc basedn for dsidm commands bsc1231462 - Update to version 2.2.10git18.20ce9289: RFE: Use previously extracted key path Update dsidm to...
SUSE-SU-2024:3843-1 Security update for 389-ds
This update for 389-ds fixes the following issues: - Persist extracted key path for ldapsslclientinit over repeat invocations bsc1230852 - Re-enable use of .dsrc basedn for dsidm commands bsc1231462 - Update to version 2.2.10git18.20ce9289: RFE: Use previously extracted key path Update dsidm to...
SUSE-SU-2024:3257-1 Security update for 389-ds
This update for 389-ds fixes the following issues: - Update to version 1.4.4.20git3.e7ac6d87: - CVE-2024-3657: DOS via specially crafted kerberos AS-REQ request. bsc1225512 - CVE-2024-5953: Malformed userPassword hashes may cause a denial of service. bsc1226277 - CVE-2024-2199: Malformed...
openSUSE: Security Advisory for 389 (SUSE-SU-2024:3218-1)
The remote host is missing an update for the...
ALSA-2024:6569 Moderate: 389-ds:1.4 security update
389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. Security Fixes: 389-ds-base: Malformed userPassword hash may cause Denial of Service CVE-2024-59...
SUSE CVE-2024-8445
The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying userPassword using malformed input...
CVE-2024-8445
The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying userPassword using malformed input...
CVE-2024-8445 389-ds-base: server crash while modifying `userpassword` using malformed input (incomplete fix for cve-2024-2199)
The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying userPassword using malformed input...
CVE-2024-8445
The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying userPassword using malformed input. Mitigation Mitigation for this issue is either not available or the currently available...