LDAP Invalid Pointer Dereference in 389-ds-base from Red Hat
CVE-2017-2668

6.5MEDIUM

Key Information:

Vendor

[unknown]

Status
389-ds-base
Vendor
CVE Published:
22 June 2018

What is CVE-2017-2668?

The 389 Directory Server (389-ds-base) is susceptible to a vulnerability that allows a remote unauthenticated attacker to exploit an invalid pointer dereference during the handling of LDAP bind requests. By sending a specially crafted LDAP bind request, an attacker could trigger a crash in the ns-slapd server process, leading to a denial of service. This flaw affects versions prior to 1.3.5.17 and 1.3.6.10, necessitating prompt updates to mitigate potential disruptions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

389-ds-base 389-ds-base 1.3.5.17

389-ds-base 389-ds-base 1.3.6.10

References

https://access.redhat.com/errata/RHSA-2017:0920
vendor-advisoryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2668
x_refsource_CONFIRM
https://pagure.io/389-ds-base/issue/49220
x_refsource_CONFIRM

EPSS Score

7% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.