Denial of Service in 389 Directory Server by Red Hat
CVE-2011-1067

Currently unrated

Key Information:

Vendor
CVE Published: 23 February 2011

Summary

The slapd service in 389 Directory Server improperly manages the c_timelimit field in its connection table. Remote attackers can exploit this through Simple Paged Results connections, replaying TCP sessions across multiple processes, to cause a denial of service in which the daemon becomes unresponsive.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
