CVE-2016-0741 : slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.

slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection.

Published 2016-04-19 21:59:07

Updated 2025-04-12 10:46:41

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2016-0741

Redhat » Enterprise Linux » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Hpc Node » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.3.4.1
cpe:2.3:a:fedoraproject:389_directory_server:1.3.4.1:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.3.4.0
cpe:2.3:a:fedoraproject:389_directory_server:1.3.4.0:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.3.4.5
cpe:2.3:a:fedoraproject:389_directory_server:1.3.4.5:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.3.4.4
cpe:2.3:a:fedoraproject:389_directory_server:1.3.4.4:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2016-0741

EPSS FAQ

2.46%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 84 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-0741

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.8	HIGH	AV:N/AC:L/Au:N/C:N/I:N/A:C	10.0	6.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
7.5	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2016-0741

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-0741

https://fedorahosted.org/389/changeset/cd45d032421b0ecf76d8cbb9b1c3aeef7680d9a2/

Overview - 389-ds-base - Pagure.io
http://www.securityfocus.com/bid/82343

RedHat 389 Directory Server CVE-2016-0741 Denial of Service Vulnerability
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Oracle Linux Bulletin - January 2016

CVEs referencing this url
https://fedorahosted.org/389/ticket/48412

Issue #48412: worker threads do not detect abnormally closed connections - 389-ds-base - Pagure.io
http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-4-7.html

389 Directory Server - Releases/1.3.4.7
Patch;Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2016-0204.html

RHSA-2016:0204 - Security Advisory - Red Hat Customer Portal

Jump to

Vulnerability Details : CVE-2016-0741

Products affected by CVE-2016-0741

Exploit prediction scoring system (EPSS) score for CVE-2016-0741

CVSS scores for CVE-2016-0741

CWE ids for CVE-2016-0741

References for CVE-2016-0741