Vulnerability CVE-2018-14648


Published: 2018-09-28

Description:
A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service.

Type:

CWE-399

(Resource Management Errors)

Vendor: Debian
Product: Debian linux 
Version: 8.0;
Vendor: Redhat
Product: Enterprise linux 
Version: 7.0;
Vendor: Fedoraproject
Product: 389 directory server 
Version:
1.4.0.9
1.4.0.8
1.4.0.7
1.4.0.6
1.4.0.5
1.4.0.4
1.4.0.3
1.4.0.2
1.4.0.16
1.4.0.15
1.4.0.14
1.4.0.13
1.4.0.12
1.4.0.11
1.4.0.10
1.4.0.1
1.4.0.0
1.3.9.0
1.3.8.9
1.3.8.8
1.3.8.7
1.3.8.6
1.3.8.5
1.3.8.4
1.3.8.3
1.3.8.2
1.3.8.10
1.3.8.1
1.3.7.9
1.3.7.8
1.3.7.7
1.3.7.6
1.3.7.5
1.3.7.4
1.3.7.3
1.3.7.2
1.3.7.10
1.3.7.1
1.3.6.9
1.3.6.8
1.3.6.7
1.3.6.6
1.3.6.5
1.3.6.4
1.3.6.3
1.3.6.2
1.3.6.15
1.3.6.14
1.3.6.13
1.3.6.12
1.3.6.11
1.3.6.10
1.3.6.1
1.3.6.0
1.3.6
1.3.5.4
1.3.5.3
1.3.5.2
1.3.5.19
1.3.5.18
1.3.5.17
1.3.5.16
1.3.5.15
1.3.5.14
1.3.5.13
1.3.4.9
1.3.4.8
1.3.4.5
1.3.4.4
1.3.4.14
1.3.4.1
1.3.4.0
1.3.3.9
1.3.3.8
1.3.3.5
1.3.3.3
1.3.3.2
1.3.3.14
1.3.3.13
1.3.3.12
1.3.3.11
1.3.3.10
1.3.3.0
1.3.2.9
1.3.2.8
1.3.2.7
1.3.2.6
1.3.2.5
1.3.2.4
1.3.2.3
1.3.2.27
1.3.2.26
1.3.2.24
1.3.2.23
1.3.2.22
1.3.2.2
1.3.2.19
1.3.2.16
See more versions on NVD

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete

 References:
https://access.redhat.com/errata/RHSA-2018:3127
https://access.redhat.com/errata/RHSA-2018:3507
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14648
https://lists.debian.org/debian-lts-announce/2018/10/msg00015.html

Related CVE
CVE-2019-11235
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar is...
CVE-2019-11234
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.
CVE-2019-3883
In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are ...
CVE-2019-3880
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation...
CVE-2019-3870
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700,...
CVE-2019-9844
simple-markdown.js in Khan Academy simple-markdown before 0.4.4 allows XSS via a data: or vbscript: URI.
CVE-2019-10903
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check.
CVE-2019-10902
In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/dissectors/packet-tsdns.c by splitting strings safely.

Copyright 2019, cxsecurity.com

 

Back to Top