Lucene search

389 Directory Server Security Vulnerabilities - 2018

cve

CVE-2017-2668

389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service.

6.5CVSS

6.1AI Score

0.006EPSS

2018-06-22 01:29 PM

cve

CVE-2018-10850

389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.

5.9CVSS

5.8AI Score

0.011EPSS

2018-06-13 08:29 PM

169

cve

CVE-2018-10871

389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently hi...

7.2CVSS

6.3AI Score

0.002EPSS

2018-07-18 01:29 PM

cve

CVE-2018-10935

A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort.

6.5CVSS

6.3AI Score

0.018EPSS

2018-09-11 03:29 PM

131