Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 835611 (CVE-2022-0918, CVE-2022-0996, CVE-2022-2850) - net-nds/389-ds-base: multiple vulnerabilities
Summary: net-nds/389-ds-base: multiple vulnerabilities
Status: CONFIRMED
Alias: CVE-2022-0918, CVE-2022-0996, CVE-2022-2850
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
URL: https://github.com/389ds/389-ds-base/...
Whiteboard: ~3 [??]
Keywords:
Depends on:
Blocks:
 
Reported: 2022-03-19 04:59 UTC by John Helmert III
Modified: 2022-10-14 20:57 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-19 04:59:47 UTC
CVE-2022-0918:

A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing.

No references to upstream again.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-24 00:47:15 UTC
CVE-2022-0996 (https://github.com/ByteHackr/389-ds-base):
https://bugzilla.redhat.com/show_bug.cgi?id=2064769

A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-12 15:50:35 UTC
(In reply to John Helmert III from comment #0)
> CVE-2022-0918:
> 
> A vulnerability was discovered in the 389 Directory Server that allows an
> unauthenticated attacker with network access to the LDAP port to cause a
> denial of service. The denial of service is triggered by a single message
> sent over a TCP connection, no bind or other authentication is required. The
> message triggers a segmentation fault that results in slapd crashing.
> 
> No references to upstream again.

https://github.com/389ds/389-ds-base/issues/5242

Unreleased patches for each branch linked in a comment on the issue.
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-10-14 20:57:46 UTC
CVE-2022-2850 (https://bugzilla.redhat.com/show_bug.cgi?id=2118691):

A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.

RedHat bug: https://bugzilla.redhat.com/show_bug.cgi?id=2055815

Patches exist in all branches. Fix seems released in 2.1.5 for 2.1.x,
but seemingly not yet for 1.4.x.