Lucene search

Veracode Vulnerability DatabaseVERACODE:23104

HistoryApr 10, 2020 - 12:16 a.m.

Denial Of Service (DoS)

2020-04-1000:16:03

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:N/A:P

JSON

mcstrans is vulnerable to Denial Of Service (DoS). An algorithmic complexity weakness was found in the way the mcstrans daemon handled ranges of compartments in sensitivity labels. A local user could trigger this flaw causing mctransd to temporarily stop responding to other requests; a partial denial of service.

CPENameOperatorVersion
mcstranseq0.1.10__1.el5
mcstranseq0.2.3__1.el5
mcstranseq0.1.10__1.el5
mcstranseq0.2.3__1.el5

Name	Operator	Version
mcstrans	eq	0.1.10__1.el5
mcstrans	eq	0.2.3__1.el5
mcstrans	eq	0.1.10__1.el5
mcstrans	eq	0.2.3__1.el5

References

osvdb.org/39244

secunia.com/advisories/27589

www.redhat.com/security/updates/classification/#low

www.securityfocus.com/bid/26371

access.redhat.com/errata/RHSA-2007:0542

bugzilla.redhat.com/attachment.cgi?id=193951

bugzilla.redhat.com/show_bug.cgi?id=288201

exchange.xforce.ibmcloud.com/vulnerabilities/38357

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10350

rhn.redhat.com/errata/RHSA-2007-0542.html

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:N/A:P

JSON

Related for VERACODE:23104