Fedora 33 update for python-msldap
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2018-7728 CVE-2018-7729 CVE-2018-7730 CVE-2018-7731 |
| CWE-ID | CWE-126 CWE-122 CWE-476 |
| Exploitation vector | Local |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #4 is available. |
| Vulnerable software |
Fedora Operating systems & Components / Operating system python-msldap Operating systems & Components / Operating system package or component |
| Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Heap-based buffer over-read
EUVDB-ID: #VU11077
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-7728
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness in the MD5Update() function is due to heap-based buffer over-read. A local attacker can submit a specially crafted file, trigger memory corruption and cause the service to crash.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 33
python-msldap: before 0.3.15-1.fc33
CPE2.3- cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:python-msldap:*:*:*:*:*:fedora:*:*
https://bodhi.fedoraproject.org/updates/FEDORA-2020-e22e9a655d
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Heap-based buffer overflow
EUVDB-ID: #VU11087
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-7729
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists in the PostScript_MetaHandler::ParsePSFile() function due to heap-based buffer overflow. A local attacker can send a specially crafted file, trigger memory corruption and cause the service to crash.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 33
python-msldap: before 0.3.15-1.fc33
CPE2.3- cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:python-msldap:*:*:*:*:*:fedora:*:*
https://bodhi.fedoraproject.org/updates/FEDORA-2020-e22e9a655d
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Heap-based buffer over-read
EUVDB-ID: #VU11078
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-7730
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness in the PSD_MetaHandler::CacheFileData() function is due to heap-based buffer over-read. A local attacker can submit a specially crafted .xls file, trigger memory corruption and cause the service to crash.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 33
python-msldap: before 0.3.15-1.fc33
CPE2.3- cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:python-msldap:*:*:*:*:*:fedora:*:*
https://bodhi.fedoraproject.org/updates/FEDORA-2020-e22e9a655d
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) NULL pointer dereference
EUVDB-ID: #VU11079
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-7731
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists in the WEBP::VP8XChunk::VP8XChunk() function due to NULL pointer dereference. A local attacker can submit a specially crafted file, trigger memory corruption and cause the service to crash.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 33
python-msldap: before 0.3.15-1.fc33
CPE2.3- cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:python-msldap:*:*:*:*:*:fedora:*:*
https://bodhi.fedoraproject.org/updates/FEDORA-2020-e22e9a655d
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
