An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service.
Metadata Update from @mreynolds: - Issue assigned to mreynolds
Fixed
7404525..5e578de master -> master
0ebc21e..a8692b1 389-ds-base-1.3.5 -> 389-ds-base-1.3.5
bad9197..bdf75dc 389-ds-base-1.3.4 -> 389-ds-base-1.3.4
a96eee0..b46fb65 389-ds-base-1.2.11 -> 389-ds-base-1.2.11
Metadata Update from @mreynolds: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1436575 - Custom field type adjusted to defect - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open) - Issue tagged with: Security
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/2279
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: fixed)
Login to comment on this ticket.