ID CVE-2015-0283
Summary The slapi-nis plug-in before 0.54.2 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request for a (1) group with a large number of members or (2) user that belongs to a large number of groups.
References
Vulnerable Configurations
  • cpe:2.3:a:redhat:slapi-nis:*:*:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 31-12-2016 - 02:59)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
redhat via4
advisories
rhsa
id RHSA-2015:0728
rpms
  • slapi-nis-0:0.54-3.el7_1
  • ipa-admintools-0:4.1.0-18.el7_1.3
  • ipa-client-0:4.1.0-18.el7_1.3
  • ipa-python-0:4.1.0-18.el7_1.3
  • ipa-server-0:4.1.0-18.el7_1.3
  • ipa-server-trust-ad-0:4.1.0-18.el7_1.3
refmap via4
bid 73377
confirm
fedora
  • FEDORA-2015-4747
  • FEDORA-2015-4788
Last major update 31-12-2016 - 02:59
Published 30-03-2015 - 14:59