Описание
A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service.
Отчет
The issue is classified as moderate severity rather than important because, while it allows an unauthenticated user to trigger a denial of service (DoS) by sending a specific extended search request, it does not compromise the integrity or confidentiality of the system. The vulnerability is limited to service availability, meaning the server can crash and become temporarily unavailable, but no data is leaked, altered, or accessed by unauthorized users. Additionally, recovery from this condition typically involves restarting the service, which can be automated or handled through monitoring tools, thus limiting the long-term impact. Since the flaw does not facilitate unauthorized access or privilege escalation, it is considered moderate in severity.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Directory Server 11 | redhat-ds:11/389-ds-base | Not affected | ||
| Red Hat Enterprise Linux 6 | 389-ds-base | Not affected | ||
| Red Hat Enterprise Linux 7 | 389-ds-base | Not affected | ||
| Red Hat Enterprise Linux 8 | 389-ds:1.4/389-ds-base | Not affected | ||
| Red Hat Directory Server 12.4 for RHEL 9 | redhat-ds | Fixed | RHSA-2024:4997 | 06.08.2024 |
| Red Hat Enterprise Linux 9 | 389-ds-base | Fixed | RHSA-2024:5192 | 12.08.2024 |
Показывать по
Дополнительная информация
Статус:
6.5 Medium
CVSS3
Связанные уязвимости
A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service.
A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service.
A flaw was found in the 389 Directory Server. This flaw allows an unau ...
A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service.
6.5 Medium
CVSS3