Follow @discotekdotca
CVE-2018-14638
Current Description
A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service.
Basic Data
| Published | September 14, 2018 |
|---|---|
| Last Modified | October 09, 2019 |
| Assigner | cve@mitre.org |
| Data Type | CVE |
| Data Format | MITRE |
| Data Version | 4.0 |
| Problem Type | CWE-415 |
| CVE Data Version | 4.0 |
Base Metric V2
| CVSS 2 - Version | 2.0 |
|---|---|
| CVSS 2 - Vector String | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| CVSS 2 - Access Vector | NETWORK |
| CVSS 2 - Access Complexity | LOW |
| CVSS 2 - Authentication | NONE |
| CVSS 2 - Confidentiality Impact | NONE |
| CVSS 2 - Availability Impact | PARTIAL |
| CVSS 2 - Base Score | 5.0 |
| Severity | MEDIUM |
| Exploitability Score | 10.0 |
| Impact Score | 2.9 |
| Obtain All Privilege | false |
| Obtain User Privilege | false |
| Obtain Other Privilege | false |
Base Metric V3
| CVSS 3 - Version | 3.0 |
|---|---|
| CVSS 3 - Vector String | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| CVSS 3 - Attack Vector | NETWORK |
| CVSS 3 - Attack Complexity | LOW |
| CVSS 3 - Privileges Required | NONE |
| CVSS 3 - User Interaction | NONE |
| CVSS 3 - Scope | UNCHANGED |
| CVSS 3 - Confidentiality Impact | NONE |
| CVSS 3 - Integrity Impact | NONE |
| CVSS 3 - Availability Impact | HIGH |
| CVSS 3 - Base Score | 7.5 |
| CVSS 3 - Base Severity | HIGH |
| Exploitability Score | 3.9 |
| Base Severity | HIGH |
Configurations
-
OR - Configuration 1
Cpe Version Part Vendor Product Version Update Edition Language SW Edition Target SW Target HW Other Version Start Including Version End Including Version Start Excluding Version End Excluding 2.3 Application Fedoraproject 389 Directory Server * * * * * * * * � � � 1.3.8.4 -
OR - Configuration 2
Cpe Version Part Vendor Product Version Update Edition Language SW Edition Target SW Target HW Other Version Start Including Version End Including Version Start Excluding Version End Excluding 2.3 OS Redhat Enterprise Linux Aus 7.6 * * * * * * * � � � � 2.3 OS Redhat Enterprise Linux Desktop 7.0 * * * * * * * � � � � 2.3 OS Redhat Enterprise Linux Server 7.0 * * * * * * * � � � � 2.3 OS Redhat Enterprise Linux Server Eus 7.5 * * * * * * * � � � � 2.3 OS Redhat Enterprise Linux Server Eus 7.6 * * * * * * * � � � � 2.3 OS Redhat Enterprise Linux Server Tus 7.6 * * * * * * * � � � � 2.3 OS Redhat Enterprise Linux Workstation 7.0 * * * * * * * � � � �
Vulnerable Software List
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Enterprise Linux Workstation | 7.0 |
| Redhat | Enterprise Linux Desktop | 7.0 |
| Redhat | Enterprise Linux Server Tus | 7.6 |
| Redhat | Enterprise Linux Aus | 7.6 |
| Redhat | Enterprise Linux Server Eus | 7.5, 7.6 |
| Redhat | Enterprise Linux Server | 7.0 |
| Fedoraproject | 389 Directory Server | * |
References
| Name | Source | URL | Tags |
|---|---|---|---|
| RHSA-2018:2757 | https://access.redhat.com/errata/RHSA-2018:2757 | REDHAT | Third Party Advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14638 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14638 | CONFIRM | Issue Tracking Mitigation Third Party Advisory |
| https://pagure.io/389-ds-base/c/78fc627accacfa4061ce48977e22301f81ea8d73 | https://pagure.io/389-ds-base/c/78fc627accacfa4061ce48977e22301f81ea8d73 | CONFIRM | Issue Tracking Mitigation Third Party Advisory |