LDAP: Red Hat 389 Directory Server ns-slapd ldapsearch Buffer Overflow

This signature detects attempt to exploit a stack buffer overflow vulnerability which has been discovered in 389 Directory Server. A remote attacker can issue a crafted query in order to trigger the vulnerability and cause cause arbitrary code execution with the privileges of the ns-slapd daemon. An unsuccessful attack will cause the ns-slapd daemon to abnormally terminate.

Extended Description

389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.

Affected Products

Redhat enterprise_linux_workstation

References

CVE: CVE-2018-1089

Short Name
LDAP:REDHAT-SLAPD-SRCH-BO
Severity
Major
Recommended
True
Recommended Action
Drop
Category
LDAP
Keywords
389 Buffer CVE-2018-1089 Directory Hat Overflow Red Server ldapsearch ns-slapd
Release Date
09/25/2018
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Fedoraproject

Debian

Redhat

CVSS Score

5.0

Found a potential security threat?