Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-3883

Опубликовано: 17 апр. 2019
Источник: debian
EPSS Низкий

Описание

In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
389-ds-basefixed1.4.1.5-1package
389-ds-baseno-dsastretchpackage

Примечания

  • https://bugzilla.redhat.com/show_bug.cgi?id=1693612

  • https://pagure.io/389-ds-base/issue/50329

  • https://pagure.io/389-ds-base/c/4d9cc24da (master)

  • https://pagure.io/389-ds-base/c/fcf2b5ddb (389-ds-base-1.4.0)

  • https://pagure.io/389-ds-base/c/dd4b69b55 (389-ds-base-1.3.9)

  • Patch was applied upstream but then reverted again, as it introduces

  • regressions:

  • https://pagure.io/389-ds-base/c/f35ad37100ab5915445d6d37f8921dd46f83656e

  • Fixed properly via:

  • https://pagure.io/389-ds-base/pull-request/50398

  • https://pagure.io/389-ds-base/c/f20e982c68a700b5ba2c41e5b6f3cdeb5fcb5fab (389-ds-base-1.4.1.4)

  • https://pagure.io/389-ds-base/c/7b0e7f6f51f6a117f6a40aa3967cad656eafb811 (389-ds-base-1.4.0.24)

  • https://pagure.io/389-ds-base/c/33ac4f5a78d1a42385d1c011d88cef26771e99f5 (389-ds-base-1.3.9 branch)

EPSS

Процентиль: 58%
0.00362
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2019-3883

CVSS3: 7.5
ubuntu
почти 7 лет назад

In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service.

redhat логотип

CVE-2019-3883

CVSS3: 5.3
redhat
почти 7 лет назад

In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service.

nvd логотип

CVE-2019-3883

CVSS3: 7.5
nvd
почти 7 лет назад

In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service.

github логотип

GHSA-c65q-p9xj-798w

CVSS3: 7.5
github
больше 3 лет назад

In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service.

oracle-oval логотип

ELSA-2019-1896

oracle-oval
больше 6 лет назад

ELSA-2019-1896: 389-ds-base security and bug fix update (MODERATE)

EPSS

Процентиль: 58%
0.00362
Низкий