CVE-2018-14624
06.09.2018, 14:29
A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash.Enginsight
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | 389_directory_server | 𝑥 ≤ 1.3.7.10 |
| fedoraproject | 389_directory_server | 1.3.8.0 ≤ 𝑥 ≤ 1.3.8.8 |
| fedoraproject | 389_directory_server | 1.4.0.0 ≤ 𝑥 ≤ 1.4.0.16 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_server_eus | 7.5 |
| redhat | enterprise_linux_server_eus | 7.6 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_workstation | 7.0 |
| debian | debian_linux | 8.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
References