Fedoraproject

389 Directory Server

39 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.1

CVE-2018-10850

  • EPSS 2.05%
  • Veröffentlicht 13.06.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 03:42:08

389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of servi...

7.5

CVE-2018-1089

  • EPSS 14.57%
  • Veröffentlicht 09.05.2018 15:29:00
  • Zuletzt bearbeitet 21.11.2024 03:59:09

389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-sl...

5.9

CVE-2011-0704

  • EPSS 0.45%
  • Veröffentlicht 04.05.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 01:24:39

389 Directory Server 1.2.7.5, when built with mozldap, allows remote attackers to cause a denial of service (replica crash) by sending an empty modify request.

7.5

CVE-2017-2591

  • EPSS 6.83%
  • Veröffentlicht 30.04.2018 12:29:00
  • Zuletzt bearbeitet 21.11.2024 03:23:47

389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker c...

7.5

CVE-2018-1054

  • EPSS 3.98%
  • Veröffentlicht 07.03.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:59:04

An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially ...

7.5

CVE-2017-15134

  • EPSS 5.69%
  • Veröffentlicht 01.03.2018 22:29:00
  • Zuletzt bearbeitet 21.11.2024 03:14:08

A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-sla...

8.1

CVE-2017-15135

  • EPSS 0.13%
  • Veröffentlicht 24.01.2018 15:29:01
  • Zuletzt bearbeitet 21.11.2024 03:14:08

It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypas...

7.5

CVE-2015-1854

  • EPSS 0.43%
  • Veröffentlicht 19.09.2017 15:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.

9.8

CVE-2017-7551

Exploit
  • EPSS 0.37%
  • Veröffentlicht 16.08.2017 18:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts.

7.8

CVE-2016-0741

  • EPSS 4.95%
  • Veröffentlicht 19.04.2016 21:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection.