cnvd - cnvd-2018-04655

cnvd-2018-04655

Vulnerability from cnvd

Title

Red Hat 389-ds-base栈缓冲区溢出漏洞

Description

Red Hat 389-ds-base是美国红帽（Red Hat）公司的一个包括了Linux目录服务器和服务器管理命令行程序的软件包。 Red Hat 389-ds-base 1.3.6.13之前的1.3.6.x版本，1.3.7.9之前的1.3.7.x版本和1.4.0.5之前的1.4.x版本中存在栈缓冲区溢出漏洞。远程攻击者可通过发送特制的LDAP请求利用该漏洞造成拒绝服务（崩溃）。

Severity

中

Patch Name

Red Hat 389-ds-base栈缓冲区溢出漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： http://directory.fedoraproject.org/

Reference

https://tools.cisco.com/security/center/viewAlert.x?alertId=56577 https://nvd.nist.gov/vuln/detail/CVE-2017-15134

Impacted products

Name
['Red Hat 389-ds-base 1.3.6.，<1.3.6.13', 'Red Hat 389-ds-base 1.3.7.，<1.3.7.9', 'Red Hat 389-ds-base 1.4.*，<1.4.0.5']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": [
      {
        "bidNumber": "102790"
      },
      {
        "bidNumber": "102790"
      }
    ]
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-15134"
    }
  },
  "description": "Red Hat 389-ds-base\u662f\u7f8e\u56fd\u7ea2\u5e3d\uff08Red Hat\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u5305\u62ec\u4e86Linux\u76ee\u5f55\u670d\u52a1\u5668\u548c\u670d\u52a1\u5668\u7ba1\u7406\u547d\u4ee4\u884c\u7a0b\u5e8f\u7684\u8f6f\u4ef6\u5305\u3002\r\n\r\nRed Hat 389-ds-base 1.3.6.13\u4e4b\u524d\u76841.3.6.x\u7248\u672c\uff0c1.3.7.9\u4e4b\u524d\u76841.3.7.x\u7248\u672c\u548c1.4.0.5\u4e4b\u524d\u76841.4.x\u7248\u672c\u4e2d\u5b58\u5728\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684LDAP\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5d29\u6e83\uff09\u3002",
  "discovererName": "Pedro Sampaio",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttp://directory.fedoraproject.org/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-04655",
  "openTime": "2018-03-08",
  "patchDescription": "Red Hat 389-ds-base\u662f\u7f8e\u56fd\u7ea2\u5e3d\uff08Red Hat\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u5305\u62ec\u4e86Linux\u76ee\u5f55\u670d\u52a1\u5668\u548c\u670d\u52a1\u5668\u7ba1\u7406\u547d\u4ee4\u884c\u7a0b\u5e8f\u7684\u8f6f\u4ef6\u5305\u3002\r\n\r\nRed Hat 389-ds-base 1.3.6.13\u4e4b\u524d\u76841.3.6.x\u7248\u672c\uff0c1.3.7.9\u4e4b\u524d\u76841.3.7.x\u7248\u672c\u548c1.4.0.5\u4e4b\u524d\u76841.4.x\u7248\u672c\u4e2d\u5b58\u5728\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684LDAP\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5d29\u6e83\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Red Hat 389-ds-base\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Red Hat 389-ds-base 1.3.6.*\uff0c\u003c1.3.6.13",
      "Red Hat 389-ds-base 1.3.7.*\uff0c\u003c1.3.7.9",
      "Red Hat 389-ds-base 1.4.*\uff0c\u003c1.4.0.5"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/viewAlert.x?alertId=56577\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15134",
  "serverity": "\u4e2d",
  "submitTime": "2018-01-31",
  "title": "Red Hat 389-ds-base\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

CVE-2017-15134 (GCVE-0-2017-15134)

Vulnerability from cvelistv5

Published

2018-03-01 21:00

Modified

2024-09-16 23:06

Severity ?

CWE

CWE-120

Summary

A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2018:0163	vendor-advisory, x_refsource_REDHAT
	https://pagure.io/389-ds-base/c/6aa2acdc3cad9	x_refsource_MISC
	https://bugzilla.redhat.com/show_bug.cgi?id=1531573	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/102790	vdb-entry, x_refsource_BID
	https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html	vendor-advisory, x_refsource_SUSE