CVE-2018-14624

A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 7.5 HIGH | NETWORK | LOW | NONE | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score Percentile: 81%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| fedoraproject | 389_directory_server | 𝑥 ≤ 1.3.7.10 |
| fedoraproject | 389_directory_server | 1.3.8.0 ≤ 𝑥 ≤ 1.3.8.8 |
| fedoraproject | 389_directory_server | 1.4.0.0 ≤ 𝑥 ≤ 1.4.0.16 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_server_eus | 7.5 |
| redhat | enterprise_linux_server_eus | 7.6 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_workstation | 7.0 |
| debian | debian_linux | 8.0 |

𝑥 = Vulnerable software versions
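Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| 389-ds-base | bookworm | 2.3.1+dfsg1-1 | fixed |
| 389-ds-base | bullseye | 1.4.4.11-2 | fixed |
| 389-ds-base | sid | 3.1.1+dfsg1-2 | fixed |
| 389-ds-base | stretch | | no-dsa |
| 389-ds-base | trixie | 3.1.1+dfsg1-2 | fixed |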
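Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| 389-ds-base | bionic | needed |
| 389-ds-base | cosmic | ignored |
| 389-ds-base | disco | not-affected |
| 389-ds-base | eoan | not-affected |
| 389-ds-base | focal | not-affected |
| 389-ds-base | groovy | not-affected |
| 389-ds-base | hirsute | not-affected |
| 389-ds-base | impish | not-affected |
| 389-ds-base | jammy | not-affected |
| 389-ds-base | kinetic | not-affected |
| 389-ds-base | lunar | not-affected |
| 389-ds-base | mantic | not-affected |
| 389-ds-base | noble | not-affected |
| 389-ds-base | trusty | dne |
| 389-ds-base | xenial | needed |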
openSUSE / SLES Releases

| openSUSE Product | Release | Version | Status |
|---|---|---|---|
| 389-ds | suse enterprise sap 15 | 1.4.0.3-4.7.52 | fixed |
| 389-ds | suse enterprise sap 15 SP1 | 1.4.0.3-4.7.52 | fixed |
| 389-ds | suse enterprise server 15 | 1.4.0.3-4.7.52 | fixed |
| 389-ds | suse enterprise server 15 SP1 | 1.4.0.3-4.7.52 | fixed |
| 389-ds-devel | suse enterprise sap 15 | 1.4.0.3-4.7.52 | fixed |
| 389-ds-devel | suse enterprise sap 15 SP1 | 1.4.0.3-4.7.52 | fixed |
| 389-ds-devel | suse enterprise server 15 | 1.4.0.3-4.7.52 | fixed |
| 389-ds-devel | suse enterprise server 15 SP1 | 1.4.0.3-4.7.52 | fixed |
Red Hat Enterprise Linux Releases

| Red Hat Product | Release | Version | Status |
|---|---|---|---|
| 389-ds-base | RHEL 7 | 0:1.3.7.5-28.el7_5 | fixed |
| 389-ds-base-devel | RHEL 7 | 0:1.3.7.5-28.el7_5 | fixed |
| 389-ds-base-libs | RHEL 7 | 0:1.3.7.5-28.el7_5 | fixed |
| 389-ds-base-snmp | RHEL 7 | 0:1.3.7.5-28.el7_5 | fixed |