389-ds-base-2.1.3-4.el9
Errata ID: AXSA:2023-4906:01
Release date:
2023/01/31 Tuesday - 07:57
Title:
389-ds-base-2.1.3-4.el9
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
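The following issues have been addressed.
[Security Fix]
- 389-ds-base contains a vulnerability that allows an unauthenticated
attacker with network access to the LDAP port to send a message over a
TCP connection that triggers a segmentation fault, crashing slapd and
causing a denial of service. (CVE-2022-0918)
- 389-ds-base contains a vulnerability that allows the database to be
accessed with an expired password, resulting in improper authentication.
(CVE-2022-0996)
- 389-ds-base contains a NULL pointer dereference issue that allows an
authenticated remote attacker to cause a denial of service through a
specially crafted query in environments where the Content
Synchronization plugin is enabled. (CVE-2022-2850)
Solution:
Update the packages.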
CVE:
CVE-2022-0918
A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection; no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing.
CVE-2022-0996
A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.
CVE-2022-2850
A flaw was found in 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.
Additional information:
N/A
Download:
SRPMS
- 389-ds-base-2.1.3-4.el9.src.rpm
MD5: b86accc2a4ae5b0b06346bcaed628bf9
SHA-256: 122e33a6c3358f93d6139ac442d819a4ed9d81b85bff98dc0e4a62ede901059c
Size: 13.90 MB
Asianux Server 9 for x86_64
- 389-ds-base-2.1.3-4.el9.x86_64.rpm
MD5: 7e05a63b50559c897d8c0ccf228ce98d
SHA-256: a6feeb3ba10d17a593d53d34c8efecf6993e63a5f37819c316d132fc073cd47f
Size: 2.85 MB
- 389-ds-base-libs-2.1.3-4.el9.x86_64.rpm
MD5: d59ac7229ceb592adfddbe254c41b038
SHA-256: f831874ef64bbf93a268db9aec83f26793db7df87816455c993ce07e8fadab06
Size: 1.47 MB
- python3-lib389-2.1.3-4.el9.noarch.rpm
MD5: 2e2e3b140d71822cc4a737d2e1949614
SHA-256: d3074a1ccc0194c1eebccee907928c8cb0ff02aeb1ca4a6fe610d579e5dee83f
Size: 856.27 kB