OpenSUSE Linux update for 389-ds

Published: 2019-05-15 | Updated: 2019-05-15
Severity: Medium
Patch available: YES
Number of vulnerabilities: 5
CVE ID: CVE-2017-15134, CVE-2017-15135, CVE-2018-10850, CVE-2018-10935, CVE-2018-14624
CWE ID: CWE-121, CWE-287, CWE-362, CWE-20
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #4 is available.
Vulnerable software: Opensuse
Vendor: Novell

Security Advisory

1) Stack-based buffer overflow

Severity: Low

CVSSv3: 6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2017-15134

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to improper handling of Lightweight Directory Access Protocol (LDAP) search filters by the 389-ds-base package. A remote attacker can send a specially crafted LDAP request, trigger a stack-based buffer overflow condition and cause the ns-slapd process to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.0

External links

https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper authentication

Severity: Low

CVSSv3: 6.5 [CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:U] [PCI]

CVE-ID: CVE-2017-15135

CWE-ID: CWE-287 - Improper Authentication

Description

The vulnerability allows a remote unauthenticated attacker to bypass authentication on the target system.

The weakness exists due to improper handling of internal hash comparison operations. A remote attacker can bypass the authentication process.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.0

External links

https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Race condition

Severity: Medium

CVSSv3: 7.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-10850

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists due to a race condition in the way 389-ds-base handles persistent search. A remote attacker can send a specially crafted request that submits malicious input and cause the system to crash.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.0

External links

https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper input validation

Severity: Low

CVSSv3: 5.9 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-10935

CWE-ID: CWE-20 - Improper Input Validation

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The vulnerability exists due to improper processing of Lightweight Directory Access Protocol (LDAP) queries. A remote attacker can execute the ldapsearch command with server-side sorting controls and cause the LDAP server to crash, resulting in a DoS condition.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.0

External links

https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

5) Improper input validation

Severity: Low

CVSSv3: 6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-14624

CWE-ID: CWE-20 - Improper Input Validation

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to incorrect use of the lock controlling the error log when re-opening the log file in log__error_emergency(). A remote attacker can send a flood of modifications to a very large DN and cause slapd to crash.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.0

External links

https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.