Lucene search

Veracode Vulnerability DatabaseVERACODE:10804

HistoryJan 15, 2019 - 8:52 a.m.

Denial Of Service (DoS)

2019-01-1508:52:28

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

2.3 Low

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:M/Au:S/C:N/I:N/A:P

JSON

389 Directory Server is vulnerable to denial of service. The acllas__handle_group_entry function in servers/plugins/acl/acllas.c does not properly handle access control instructions (ACI) that use certificate groups and cause ns-slapd to enter an infinite loop which consumes excessive CPU resources and crash.

CPENameOperatorVersion
389-ds-baseeq1.2.8.2__1.el6
389-ds-baseeq1.2.8.2__1.el6_1.3
389-ds-baseeq1.2.9.14__1.el6_2.2
389-ds-baseeq1.2.9.14__1.el6
redhat-ds-baseeq8.2.5__1.el5dsrv
redhat-ds-baseeq8.1.0__0.14.el5dsrv
redhat-ds-baseeq8.2.4__1.el5dsrv
redhat-ds-baseeq8.2.8__2.el5dsrv
redhat-ds-baseeq8.0.0__15.el5dsrv
redhat-ds-baseeq8.2.7__2.el5dsrv

Name	Operator	Version
389-ds-base	eq	1.2.8.2__1.el6
389-ds-base	eq	1.2.8.2__1.el6_1.3
389-ds-base	eq	1.2.9.14__1.el6_2.2
389-ds-base	eq	1.2.9.14__1.el6
redhat-ds-base	eq	8.2.5__1.el5dsrv
redhat-ds-base	eq	8.1.0__0.14.el5dsrv
redhat-ds-base	eq	8.2.4__1.el5dsrv
redhat-ds-base	eq	8.2.8__2.el5dsrv
redhat-ds-base	eq	8.0.0__15.el5dsrv
redhat-ds-base	eq	8.2.7__2.el5dsrv

Rows per page:

1-10 of 231

References

rhn.redhat.com/errata/RHSA-2012-0813.html

secunia.com/advisories/48035

secunia.com/advisories/49562

access.redhat.com/security/updates/classification/#low

bugzilla.redhat.com/show_bug.cgi?id=766322

bugzilla.redhat.com/show_bug.cgi?id=768086

bugzilla.redhat.com/show_bug.cgi?id=768091

bugzilla.redhat.com/show_bug.cgi?id=772777

bugzilla.redhat.com/show_bug.cgi?id=772778

bugzilla.redhat.com/show_bug.cgi?id=772779

bugzilla.redhat.com/show_bug.cgi?id=781529

bugzilla.redhat.com/show_bug.cgi?id=781534

bugzilla.redhat.com/show_bug.cgi?id=784343

bugzilla.redhat.com/show_bug.cgi?id=784344

bugzilla.redhat.com/show_bug.cgi?id=788140

bugzilla.redhat.com/show_bug.cgi?id=788722

bugzilla.redhat.com/show_bug.cgi?id=788723

bugzilla.redhat.com/show_bug.cgi?id=788724

bugzilla.redhat.com/show_bug.cgi?id=788725

bugzilla.redhat.com/show_bug.cgi?id=788726

bugzilla.redhat.com/show_bug.cgi?id=788728

bugzilla.redhat.com/show_bug.cgi?id=788729

bugzilla.redhat.com/show_bug.cgi?id=788731

bugzilla.redhat.com/show_bug.cgi?id=788732

bugzilla.redhat.com/show_bug.cgi?id=788741

bugzilla.redhat.com/show_bug.cgi?id=788745

bugzilla.redhat.com/show_bug.cgi?id=788749

bugzilla.redhat.com/show_bug.cgi?id=788750

bugzilla.redhat.com/show_bug.cgi?id=788751

bugzilla.redhat.com/show_bug.cgi?id=788753

bugzilla.redhat.com/show_bug.cgi?id=788755

bugzilla.redhat.com/show_bug.cgi?id=788756

bugzilla.redhat.com/show_bug.cgi?id=788760

bugzilla.redhat.com/show_bug.cgi?id=788764

bugzilla.redhat.com/show_bug.cgi?id=790433

bugzilla.redhat.com/show_bug.cgi?id=790491

bugzilla.redhat.com/show_bug.cgi?id=800215

bugzilla.redhat.com/show_bug.cgi?id=800217

bugzilla.redhat.com/show_bug.cgi?id=803930

bugzilla.redhat.com/show_bug.cgi?id=811291

bugzilla.redhat.com/show_bug.cgi?id=813964

bugzilla.redhat.com/show_bug.cgi?id=815991

bugzilla.redhat.com/show_bug.cgi?id=819643

bugzilla.redhat.com/show_bug.cgi?id=821176

bugzilla.redhat.com/show_bug.cgi?id=821542

bugzilla.redhat.com/show_bug.cgi?id=822700

bugzilla.redhat.com/show_bug.cgi?id=824014

docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.3_Technical_Notes/pkg-389-ds-base.html#RHSA-2012-0813

fedorahosted.org/389/changeset/1bbbb3e5049c1aa0650546efab87ed2f1ea59637/389-ds-base

fedorahosted.org/389/ticket/162

rhn.redhat.com/errata/RHSA-2012-0813.html

2.3 Low

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:M/Au:S/C:N/I:N/A:P

JSON

Related for VERACODE:10804