#49220 Remote crash via crafted LDAP messages
Closed: wontfix 6 years ago Opened 6 years ago by mreynolds.

Issue Description

An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service.

Metadata Update from @mreynolds:
- Issue assigned to mreynolds

6 years ago


7404525..5e578de master -> master

0ebc21e..a8692b1 389-ds-base-1.3.5 -> 389-ds-base-1.3.5

bad9197..bdf75dc 389-ds-base-1.3.4 -> 389-ds-base-1.3.4

a96eee0..b46fb65 389-ds-base-1.2.11 -> 389-ds-base-1.2.11

Metadata Update from @mreynolds:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1436575
- Custom field type adjusted to defect
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)
- Issue tagged with: Security

6 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/2279

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: fixed)

3 years ago

Login to comment on this ticket.