Improper input validation in 389-ds-base - CVE-2018-14624
Published: October 29, 2018
Vulnerability identifier: #VU15561
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-14624
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: 389 Directory Server Project
Affected software:
389-ds-base
389-ds-base
Detailed vulnerability description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to incorrect use of the lock controlling error log when re-opening the log file in log__error_emergency(. A remote attacker can send a flood of modifications to a very large DN and cause the slapd to crash.
The weakness exists due to incorrect use of the lock controlling error log when re-opening the log file in log__error_emergency(. A remote attacker can send a flood of modifications to a very large DN and cause the slapd to crash.
How to mitigate CVE-2018-14624
Install update from vendor's website.i