Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-3883

Опубликовано: 12 апр. 2019
Источник: redhat
CVSS3: 5.3
EPSS Низкий

Описание

In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service.

It was found that encrypted connections did not honor the 'ioblocktimeout' parameter to end blocking requests. As a result, an unauthenticated attacker could repeatedly start a sufficient number of encrypted connections to block all workers, resulting in a denial of service.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6389-ds-baseWill not fix
Red Hat Enterprise Linux 7389-ds-baseFixedRHSA-2019:189629.07.2019
Red Hat Enterprise Linux 8389-dsFixedRHSA-2019:340105.11.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-772
https://bugzilla.redhat.com/show_bug.cgi?id=1693612389-ds-base: DoS via hanging secured connections

EPSS

Процентиль: 58%
0.00362
Низкий

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-3883

CVSS3: 7.5
ubuntu
почти 7 лет назад

In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service.

nvd логотип

CVE-2019-3883

CVSS3: 7.5
nvd
почти 7 лет назад

In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service.

debian логотип

CVE-2019-3883

CVSS3: 7.5
debian
почти 7 лет назад

In 389-ds-base up to version 1.4.1.2, requests are handled by workers ...

github логотип

GHSA-c65q-p9xj-798w

CVSS3: 7.5
github
больше 3 лет назад

In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service.

oracle-oval логотип

ELSA-2019-1896

oracle-oval
больше 6 лет назад

ELSA-2019-1896: 389-ds-base security and bug fix update (MODERATE)

EPSS

Процентиль: 58%
0.00362
Низкий

5.3 Medium

CVSS3