389-ds-base-1.2.11.15-94.AXS4
エラータID: AXSA:2018-2619:01
リリース日:
2018/03/14 Wednesday - 05:56
題名:
389-ds-base-1.2.11.15-94.AXS4
影響のあるチャネル:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- 389-ds-base は,認証プロセスにおいて,内部的なハッシュ比較操作を
正しく処理しない場合があり,リモートの認証されていない攻撃者が,限定的
な状況下においてこの欠陥を利用し,認証プロセスを迂回する脆弱性がありま
す。(CVE-2017-15135)
- 389-ds-base の LDAP サーチフィルタの処理において境界外からメモリを
読み込む問題があり,巧妙に細工された LDAP リクエストによって,リモートの
認証されていない攻撃者がこの問題を用いて ns-slapd をクラッシュさせ,
サービス拒否を引き起こす可能性のある脆弱性があります。(CVE-2018-1054)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2017-15135
It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances.
It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances.
CVE-2018-1054
An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.
An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.
追加情報:
N/A
ダウンロード:
SRPMS
- 389-ds-base-1.2.11.15-94.AXS4.src.rpm
MD5: fe9a20093c3bb4c0843ab62ece69741e
SHA-256: 11980919fa06e358e4c6536f554f283c5604fb3bb728ba78eeb982c3fd93309e
Size: 4.23 MB
Asianux Server 4 for x86
- 389-ds-base-1.2.11.15-94.AXS4.i686.rpm
MD5: abcfafbff10a67ed4e95c555ca0dce11
SHA-256: e24afc22567edabe2ab6222e6dd6060cf13b870c3ab094689524319104c924dc
Size: 1.52 MB - 389-ds-base-libs-1.2.11.15-94.AXS4.i686.rpm
MD5: 596ca68ea1c2558ffce1672238ec0a8e
SHA-256: e004399c11562a0e4a03914511adc1fb3d84c95a6f64032d977e6acd090eac74
Size: 449.84 kB
Asianux Server 4 for x86_64
- 389-ds-base-1.2.11.15-94.AXS4.x86_64.rpm
MD5: 12e487cffa6176c8bdc39d614dcf1fc1
SHA-256: 25a3796ca6fc03546e0bf591a51a5a13c6b35efc9093f54579e6449a76ff6c69
Size: 1.52 MB - 389-ds-base-libs-1.2.11.15-94.AXS4.x86_64.rpm
MD5: 94f231ead47ebb2d23b992107aa7bbc8
SHA-256: 01a7c82de65ff780ba30e70199c9f1ffe4199306bfc015ce50031a3e5aca469e
Size: 444.50 kB - 389-ds-base-libs-1.2.11.15-94.AXS4.i686.rpm
MD5: 596ca68ea1c2558ffce1672238ec0a8e
SHA-256: e004399c11562a0e4a03914511adc1fb3d84c95a6f64032d977e6acd090eac74
Size: 449.84 kB