Total vulnerabilities in the database
A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash.
| Software | From | Fixed in |
|---|---|---|
| fedoraproject / 389_directory_server | 1.4.0.0 | 1.4.0.16.x |
| fedoraproject / 389_directory_server | 1.3.8.0 | 1.3.8.8.x |
| fedoraproject / 389_directory_server | - | 1.3.7.10.x |
| redhat / enterprise_linux_desktop | 7.0 | 7.0.x |
| redhat / enterprise_linux_workstation | 7.0 | 7.0.x |
| redhat / enterprise_linux_server | 7.0 | 7.0.x |
| redhat / enterprise_linux_server_eus | 7.5 | 7.5.x |
| redhat / enterprise_linux_server_tus | 7.6 | 7.6.x |
| redhat / enterprise_linux_server_eus | 7.6 | 7.6.x |
| redhat / enterprise_linux_server_aus | 7.6 | 7.6.x |
| debian / debian_linux | 8.0 | 8.0.x |