CVE-2018-14624: Improper Input Validation in 389 Directory Server

Severity
7.5 HIGH (NVD)
EPSS
1.5%
top 18.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Sep 6
Latest update: May 14

Description

A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages: 5 packages

Also affects: Debian Linux 8.0, Enterprise Linux 7.6, 7.5

Patches

🔴 Vulnerability Details

3
GHSA
GHSA-2986-vwq2-p2w6: A vulnerability was discovered in 389-ds-base through versions 1 (2022-05-14)
OSV
CVE-2018-14624: A vulnerability was discovered in 389-ds-base through versions 1 (2018-09-06)
CVEList
CVE-2018-14624: A vulnerability was discovered in 389-ds-base through versions 1 (2018-09-06)

💥 Exploits & PoCs

1
Nuclei
Zeit Next.js < 4.2.3 - Local File Inclusion

📋 Vendor Advisories

2
Red Hat
389-ds-base: Server crash through modify command with large DN (2018-08-31)
Debian
CVE-2018-14624: 389-ds-base - A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8... (2018)

💬 Community

3
Bugzilla
CVE-2018-14624 389-ds-base: Server crash through modify command with large DN [fedora-all] (2018-08-31)
Bugzilla
CVE-2018-14624 389-ds-base: Server crash through modify command with large DN [rhel-7.5.z] (2018-08-28)
Bugzilla
CVE-2018-14624 389-ds-base: Server crash through modify command with large DN (2018-08-20)