CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol (LDAP) server, as well as command-line utilities and Web UI packages for server administration.
Security Fix(es):
389-ds-base: Potential denial of service via specially crafted kerberos AS-REQ request (CVE-2024-3657) (BZ#2274401)
389-ds-base: Authenticated user can cause a server failure while modifying userPassword using malformed input (CVE-2024-2199) (BZ#2267976)
389-ds-base: Denial of service when writing a value larger than 256 chars in log_entry_attr (CVE-2024-1062) (BZ#2261879)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug fix(es):
Directory Server now flushes the entry cache less frequently (BZ#2268177)
The ns-slapd binary is now linked with the thread-safe libldap_r library, no longer causing segmentation fault (BZ#2264534)
Users of Red Hat Directory Server 11 are advised to install these updated packages.