CVE-2011-1067

EPSS 0.6%
Veröffentlicht 23.02.2011 19:00:02
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not properly manage the c_timelimit field of the connection table element, which allows remote attackers to cause a denial of service (daemon outage) via Simple Paged Results connections, as demonstrated by using multiple processes to replay TCP sessions, a different vulnerability than CVE-2011-0019.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fedoraproject ≫ 389 Directory Server Updatealpha1 Version <= 1.2.8

Fedoraproject ≫ 389 Directory Server Version1.2.1

Fedoraproject ≫ 389 Directory Server Version1.2.2

Fedoraproject ≫ 389 Directory Server Version1.2.3

Fedoraproject ≫ 389 Directory Server Version1.2.5

Fedoraproject ≫ 389 Directory Server Version1.2.5 Updaterc1

Fedoraproject ≫ 389 Directory Server Version1.2.5 Updaterc2

Fedoraproject ≫ 389 Directory Server Version1.2.5 Updaterc3

Fedoraproject ≫ 389 Directory Server Version1.2.5 Updaterc4

Fedoraproject ≫ 389 Directory Server Version1.2.6

Fedoraproject ≫ 389 Directory Server Version1.2.6 Updatea2

Fedoraproject ≫ 389 Directory Server Version1.2.6 Updatea3

Fedoraproject ≫ 389 Directory Server Version1.2.6 Updatea4

Fedoraproject ≫ 389 Directory Server Version1.2.6 Updaterc1

Fedoraproject ≫ 389 Directory Server Version1.2.6 Updaterc2

Fedoraproject ≫ 389 Directory Server Version1.2.6 Updaterc3

Fedoraproject ≫ 389 Directory Server Version1.2.6 Updaterc6

Fedoraproject ≫ 389 Directory Server Version1.2.6 Updaterc7

Fedoraproject ≫ 389 Directory Server Version1.2.6.1

Fedoraproject ≫ 389 Directory Server Version1.2.7 Updatealpha3

Fedoraproject ≫ 389 Directory Server Version1.2.7.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.6%	0.67

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://directory.fedoraproject.org/wiki/Release_Notes

http://secunia.com/advisories/43566

https://bugzilla.redhat.com/show_bug.cgi?id=668619

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/65769

https://nvd.nist.gov/vuln/detail/CVE-2011-1067

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-1067

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-1067

EUVD