1) Buffer overflow

EUVDB-ID: #VU12607

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2018-1089

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists in ns-slapd due to improper handling of long search filters with characters needing escapes. A remote attacker can submit a specially crafted LDAP request, trigger buffer overflow and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server: 7 - 7.5

Red Hat Enterprise Linux for IBM z Systems: 7 - 7.5

Red Hat Enterprise Linux for Scientific Computing: 7

Red Hat Enterprise Linux EUS Compute Node: 7.5

Red Hat Enterprise Linux for Power: 7 - 9

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

---

CPE2.3

• cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:7.5:*:*:*:*:red_hat_enterprise_linux:*:*

External links

http://access.redhat.com/errata/RHSA-2018:1380

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?