Details of VAR-201809-0650

ID

VAR-201809-0650

CVE

CVE-2018-10935

TITLE

389 Directory Server Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-009265

DESCRIPTION

A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort. 389 Directory Server Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. RedHat389DirectoryServer (formerly known as FedoraDirectoryServer) is an enterprise-class Linux directory server from RedHat. The server fully supports the LDAPv3 specification and features scalable, multi-master replication. A security vulnerability exists in RedHat389DirectoryServer. An attacker could exploit the vulnerability to cause a denial of service (crash). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: 389-ds-base security and bug fix update Advisory ID: RHSA-2018:2757-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:2757 Issue date: 2018-09-25 CVE Names: CVE-2018-10850 CVE-2018-10935 CVE-2018-14624 CVE-2018-14638 ==================================================================== 1. Summary: An update for 389-ds-base is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x 3. Security Fix(es): * 389-ds-base: race condition on reference counter leads to DoS using persistent search (CVE-2018-10850) * 389-ds-base: ldapsearch with server side sort allows users to cause a crash (CVE-2018-10935) * 389-ds-base: Server crash through modify command with large DN (CVE-2018-14624) * 389-ds-base: Crash in delete_passwdPolicy when persistent search connections are terminated unexpectedly (CVE-2018-14638) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. The CVE-2018-10850 issue was discovered by Thierry Bordaz (Red Hat) and the CVE-2018-14638 issue was discovered by Viktor Ashirov (Red Hat). Bug Fix(es): * Previously, the nucn-stans framework was enabled by default in Directory Server, but the framework is not stable. As a consequence, deadlocks and file descriptor leaks could occur. This update changes the default value of the nsslapd-enable-nunc-stans parameter to "off". (BZ#1614836) * When a search evaluates the "shadowAccount" entry, Directory Server adds the shadow attributes to the entry. If the fine-grained password policy is enabled, the "shadowAccount" entry can contain its own "pwdpolicysubentry" policy attribute. Previously, to retrieve this attribute, the server started an internal search for each "shadowAccount" entry, which was unnecessary because the entry was already known to the server. As a result, the performance of searches, such as response time and throughput, is improved. (BZ#1615924) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the 389 server service will be restarted automatically. 5. Package List: Red Hat Enterprise Linux Client Optional (v. 7): Source: 389-ds-base-1.3.7.5-28.el7_5.src.rpm x86_64: 389-ds-base-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): Source: 389-ds-base-1.3.7.5-28.el7_5.src.rpm x86_64: 389-ds-base-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: 389-ds-base-1.3.7.5-28.el7_5.src.rpm ppc64le: 389-ds-base-1.3.7.5-28.el7_5.ppc64le.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.ppc64le.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.ppc64le.rpm x86_64: 389-ds-base-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): Source: 389-ds-base-1.3.7.5-28.el7_5.src.rpm aarch64: 389-ds-base-1.3.7.5-28.el7_5.aarch64.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.aarch64.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.aarch64.rpm ppc64le: 389-ds-base-1.3.7.5-28.el7_5.ppc64le.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.ppc64le.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.ppc64le.rpm Red Hat Enterprise Linux Server Optional (v. 7): Source: 389-ds-base-1.3.7.5-28.el7_5.src.rpm ppc64: 389-ds-base-1.3.7.5-28.el7_5.ppc64.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.ppc64.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.ppc64.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.ppc64.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.ppc64.rpm ppc64le: 389-ds-base-debuginfo-1.3.7.5-28.el7_5.ppc64le.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.ppc64le.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.ppc64le.rpm s390x: 389-ds-base-1.3.7.5-28.el7_5.s390x.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.s390x.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.s390x.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.s390x.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.s390x.rpm x86_64: 389-ds-base-debuginfo-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): Source: 389-ds-base-1.3.7.5-28.el7_5.src.rpm aarch64: 389-ds-base-debuginfo-1.3.7.5-28.el7_5.aarch64.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.aarch64.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.aarch64.rpm ppc64le: 389-ds-base-debuginfo-1.3.7.5-28.el7_5.ppc64le.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.ppc64le.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.ppc64le.rpm s390x: 389-ds-base-1.3.7.5-28.el7_5.s390x.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.s390x.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.s390x.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.s390x.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.s390x.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: 389-ds-base-1.3.7.5-28.el7_5.src.rpm x86_64: 389-ds-base-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: 389-ds-base-debuginfo-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-10850 https://access.redhat.com/security/cve/CVE-2018-10935 https://access.redhat.com/security/cve/CVE-2018-14624 https://access.redhat.com/security/cve/CVE-2018-14638 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW6qI2dzjgjWX9erEAQgW5g//Xn0tMzXPX9ttN9u/n6vEr3kEio7meGc8 g70R7mtWsJj5z3VfnvFD5mRmQQinsMJXI0/IUfBU+X/oZb7rGI33ALYh0lg1rerc 2jxXBAwJKpSwkstFvJiUs2XOznh3VaYkwg/UxqEtkh4xSnO1WfbFJpHhoPIf6d8Y Cu7ymH+3VGLTR3N11HJzbrmKdmyt3p/s8UGuKO0Lh6rtnSdtM7eq5mfOYgRAp/Wm PZgVCLexexfVNzqzIjkt/KzpNrobFJUryZbXrafVpq14nUAWFRWDN4TCzUdDd0GA um46apVZHH2mAZuq+FIvokFBIIxW2DEvxj/c2UiZqDv2o7TOocssOJXw4CUIsitD QZBLnlmH/jq/L4HHwnT/4eshz2kX6yEYVNP7Nhv4bamEC7eu0y8anItyErZ7+w2L aY/3kL3uWssWnU9ESyIXvex34HmcHK0FzeBKV5ZUEwBXfdjBAGf5k8l0MyoyiS7D FK+OxXsLaORs66GaPA1MHAyAscIVTElu0GQRInDQKCgRf3uvzKT3UammoPF6Djk4 DxxIVjFV7ZExade0XdjlpkI4kUItvxXRnvAX7nT34D+jBny3WuWuVCLHUcrvYaZl hf1pBHkwR/kuK/BHh99QM/JrfvJixe0Nwosdi+ra1TO2eB2/TPtJUdeoiMcoF7qA emssayK3UGk=rOwt -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.34

sources: NVD: CVE-2018-10935 // JVNDB: JVNDB-2018-009265 // CNVD: CNVD-2018-19614 // VULMON: CVE-2018-10935 // PACKETSTORM: 149538

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-19614

AFFECTED PRODUCTS

vendor:	redhat	model:	389 directory server	scope:	gte	version:	1.3.0.0	Trust: 1.0
vendor:	redhat	model:	389 directory server	scope:	gte	version:	1.4.0.0	Trust: 1.0
vendor:	redhat	model:	389 directory server	scope:	lt	version:	1.3.8.7	Trust: 1.0
vendor:	redhat	model:	389 directory server	scope:	lt	version:	1.4.0.14	Trust: 1.0
vendor:	fedora	model:	389 directory server	scope:	-	version:	-	Trust: 0.8
vendor:	red	model:	hat directory server	scope:	eq	version:	389	Trust: 0.6

sources: CNVD: CNVD-2018-19614 // JVNDB: JVNDB-2018-009265 // NVD: CVE-2018-10935

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-10935
value:	MEDIUM
Trust: 1.0
secalert@redhat.com:	CVE-2018-10935
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-10935
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-19614
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201809-560
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2018-10935
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-10935
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2018-19614
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

secalert@redhat.com:	CVE-2018-10935
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2018-10935
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2018-19614 // VULMON: CVE-2018-10935 // JVNDB: JVNDB-2018-009265 // CNNVD: CNNVD-201809-560 // NVD: CVE-2018-10935 // NVD: CVE-2018-10935

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.8
problemtype:	CWE-400	Trust: 1.0

sources: JVNDB: JVNDB-2018-009265 // NVD: CVE-2018-10935

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-560

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201809-560

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-009265

PATCH

title:	Top Page	url:	https://directory.fedoraproject.org/	Trust: 0.8
title:	Patch for RedHat389DirectoryServer Denial of Service Vulnerability (CNVD-2018-19614)	url:	https://www.cnvd.org.cn/patchInfo/show/140895	Trust: 0.6
title:	Debian CVElist Bug Report Logs: 389-ds-base: CVE-2018-10935: ldapsearch with server side sort allows users to cause a crash	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=4cd337837ef235c9819f4c0a08ff6332	Trust: 0.1
title:	Red Hat: Moderate: 389-ds-base security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182757 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: 389-ds-base security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20183127 - Security Advisory	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2018-1094	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2018-1094	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2018-1094	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2018-1094	Trust: 0.1
title:	Oracle Linux Bulletins: Oracle Linux Bulletin - October 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=9cb9a8ed428c6faca615e91d2f1a216d	Trust: 0.1

sources: CNVD: CNVD-2018-19614 // VULMON: CVE-2018-10935 // JVNDB: JVNDB-2018-009265

EXTERNAL IDS

db:	NVD	id:	CVE-2018-10935	Trust: 3.2
db:	JVNDB	id:	JVNDB-2018-009265	Trust: 0.8
db:	CNVD	id:	CNVD-2018-19614	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.2394	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1661	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3144	Trust: 0.6
db:	CNNVD	id:	CNNVD-201809-560	Trust: 0.6
db:	VULMON	id:	CVE-2018-10935	Trust: 0.1
db:	PACKETSTORM	id:	149538	Trust: 0.1

sources: CNVD: CNVD-2018-19614 // VULMON: CVE-2018-10935 // JVNDB: JVNDB-2018-009265 // PACKETSTORM: 149538 // CNNVD: CNNVD-201809-560 // NVD: CVE-2018-10935

REFERENCES

url:	https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-10935	Trust: 2.5
url:	https://access.redhat.com/errata/rhsa-2018:2757	Trust: 1.8
url:	https://lists.debian.org/debian-lts-announce/2018/08/msg00032.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-10935	Trust: 1.5
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10935	Trust: 0.8
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20191207-2.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192155-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20191207-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/80690	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2394/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3144/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906985	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://tools.cisco.com/security/center/viewalert.x?alertid=59033	Trust: 0.1
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-10850	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-14638	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-10850	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14638	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-14624	Trust: 0.1
url:	https://bugzilla.redhat.com/):	Trust: 0.1
url:	https://access.redhat.com/security/team/key/	Trust: 0.1
url:	https://access.redhat.com/articles/11258	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14624	Trust: 0.1
url:	https://access.redhat.com/security/team/contact/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-10935	Trust: 0.1

sources: CNVD: CNVD-2018-19614 // VULMON: CVE-2018-10935 // JVNDB: JVNDB-2018-009265 // PACKETSTORM: 149538 // CNNVD: CNNVD-201809-560 // NVD: CVE-2018-10935

CREDITS

Red Hat

Trust: 0.1

sources: PACKETSTORM: 149538

SOURCES

db:	CNVD	id:	CNVD-2018-19614
db:	VULMON	id:	CVE-2018-10935
db:	JVNDB	id:	JVNDB-2018-009265
db:	PACKETSTORM	id:	149538
db:	CNNVD	id:	CNNVD-201809-560
db:	NVD	id:	CVE-2018-10935

LAST UPDATE DATE

2024-11-23T21:31:23.711000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-19614	date:	2018-09-21T00:00:00
db:	VULMON	id:	CVE-2018-10935	date:	2019-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2018-009265	date:	2018-11-13T00:00:00
db:	CNNVD	id:	CNNVD-201809-560	date:	2019-10-10T00:00:00
db:	NVD	id:	CVE-2018-10935	date:	2024-11-21T03:42:20.647

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-19614	date:	2018-09-21T00:00:00
db:	VULMON	id:	CVE-2018-10935	date:	2018-09-11T00:00:00
db:	JVNDB	id:	JVNDB-2018-009265	date:	2018-11-13T00:00:00
db:	PACKETSTORM	id:	149538	date:	2018-09-25T22:59:06
db:	CNNVD	id:	CNNVD-201809-560	date:	2018-09-11T00:00:00
db:	NVD	id:	CVE-2018-10935	date:	2018-09-11T15:29:00.343