Amazon Linux AMI update for 389-ds-base

Published: 2018-12-07 10:09:10 | Updated: 2018-12-07
Severity Low
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2018-14648
CVSSv3 6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CWE ID CWE-400
Exploitation vector Network
Public exploit N/A
Vulnerable software Amazon Linux AMI
Vulnerable software versions Amazon Linux AMI 2017.03
Vendor URL Amazon Web Services, Inc.

Security Advisory

1) Resource exhaustion

Description

The vulnerability allows a remote attacker to cause DoS condition.

The vulnerability exists due to excessive CPU consumption in the do_search() function. A remote attacker can supply specially crafted search queries to trigger resource exhaustion and denial of service.

Remediation

Update the affected packages.

i686:
    389-ds-base-snmp-1.3.8.4-18.60.amzn1.i686
    389-ds-base-libs-1.3.8.4-18.60.amzn1.i686
    389-ds-base-debuginfo-1.3.8.4-18.60.amzn1.i686
    389-ds-base-1.3.8.4-18.60.amzn1.i686
    389-ds-base-devel-1.3.8.4-18.60.amzn1.i686

src:
    389-ds-base-1.3.8.4-18.60.amzn1.src

x86_64:
    389-ds-base-debuginfo-1.3.8.4-18.60.amzn1.x86_64
    389-ds-base-devel-1.3.8.4-18.60.amzn1.x86_64
    389-ds-base-libs-1.3.8.4-18.60.amzn1.x86_64
    389-ds-base-1.3.8.4-18.60.amzn1.x86_64
    389-ds-base-snmp-1.3.8.4-18.60.amzn1.x86_64

External links

https://alas.aws.amazon.com/ALAS-2018-1106.html

Back to List