CVE-2015-0283

Опубликовано: 26 мар. 2015

Источник: redhat

CVSS2: 5

EPSS Низкий

Описание

The slapi-nis plug-in before 0.54.2 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request for a (1) group with a large number of members or (2) user that belongs to a large number of groups.

It was discovered that the slapi-nis Directory Server plug-in did not correctly perform memory reallocation when handling user account information. A request for information about a group with many members, or a request for a user that belongs to a large number of groups, would cause a Directory Server to enter an infinite loop and consume an excessive amount of CPU time.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	slapi-nis	Not affected
Red Hat Enterprise Linux 7	ipa	Fixed	RHSA-2015:0728	26.03.2015
Red Hat Enterprise Linux 7	slapi-nis	Fixed	RHSA-2015:0728	26.03.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-835

https://bugzilla.redhat.com/show_bug.cgi?id=1195729slapi-nis: infinite loop in getgrnam_r() and getgrgid_r()

EPSS

Процентиль: 82%

0.01799

Низкий

5 Medium

CVSS2

Связанные уязвимости

CVE-2015-0283

ubuntu

больше 10 лет назад

CVE-2015-0283

nvd

больше 10 лет назад

CVE-2015-0283

debian

больше 10 лет назад

The slapi-nis plug-in before 0.54.2 does not properly reallocate memor ...

GHSA-mh9j-g427-6h4w

github

больше 3 лет назад

ELSA-2015-0728

oracle-oval

больше 10 лет назад

ELSA-2015-0728: ipa and slapi-nis security and bug fix update (MODERATE)

EPSS

Процентиль: 82%

0.01799

Низкий

5 Medium

CVSS2