Published: 09/05/2018 Updated: 09/10/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

389-ds-base prior to 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.

Vulnerable Product	Search on Vulmon	Subscribe to Product
fedoraproject 389 directory server
fedoraproject 389 directory server 1.3.8.2
fedoraproject 389 directory server 1.3.8.1
redhat enterprise linux desktop 7.0
redhat enterprise linux server 7.0
redhat enterprise linux workstation 7.0
redhat enterprise linux server 6.0
redhat enterprise linux workstation 6.0
redhat enterprise linux desktop 6.0
debian debian linux 8.0

Debian Bug report logs - #898138 389-ds-base: CVE-2018-1089 Package: src:389-ds-base; Maintainer for src:389-ds-base is Debian FreeIPA Team <pkg-freeipa-devel@alioth-listsdebiannet>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 7 May 2018 19:51:02 UTC Severity: grave Tags: security, upstream F ...

Synopsis Important: 389-ds-base security update Type/Severity Security Advisory: Important Topic An update for 389-ds-base is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...

Synopsis Important: 389-ds-base security and bug fix update Type/Severity Security Advisory: Important Topic An update for 389-ds-base is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Syste ...

It was found that 389-ds-base did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service(CVE-2018-1089) ...

It was found that 389-ds-base did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service ...

CWE-119 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1089 https://access.redhat.com/errata/RHSA-2018:1364 http://www.securityfocus.com/bid/104137 https://access.redhat.com/errata/RHSA-2018:1380 https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898138 https://nvd.nist.gov https://alas.aws.amazon.com/AL2/ALAS-2018-1036.html

CVE-2018-1089

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect