CESA-2017:0893 -- centos 6 389-ds-base
ID: oval:org.secpod.oval:def:204471 | Date: (C)2017-04-14 (M)2023-07-28 |
Class: PATCH | Family: unix |
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration.

Security Fix: An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service. Red Hat would like to thank Joachim Jabs for reporting this issue.

Bug Fix:
* Previously, the deref plug-in failed to dereference attributes that use distinguished name syntax, such as uniqueMember. With this patch, the deref plug-in can dereference such attributes and additionally Name and Optional UID syntax. As a result, the deref plug-in now supports any syntax