Fedoraproject » 389 Directory Server : Security Vulnerabilities, CVEs, Published In 2011 (Denial of service)
slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not properly manage the c_timelimit field of the connection table element, which allows remote attackers to cause a denial of service (daemon outage) via Simple Paged Results connections, as demonstrated by using multiple processes to replay TCP sessions, a different vulnerability than CVE-2011-0019.
Max CVSS
5.0
EPSS Score
1.13%
Published
2011-02-23
Updated
2017-08-17
The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary process termination) by replacing PID files contained in this directory.
Max CVSS
4.7
EPSS Score
0.04%
Published
2011-02-23
Updated
2011-03-31
slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Directory Server 8.2.x or dirsrv) does not properly handle simple paged result searches, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via multiple search requests.
Max CVSS
7.5
EPSS Score
1.16%
Published
2011-02-23
Updated
2011-03-31
Multiple memory leaks in the normalization functionality in 389 Directory Server before 1.2.7.5 allow remote attackers to cause a denial of service (memory consumption) via "badly behaved applications," related to (1) Slapi_Attr mishandling in the DN normalization code and (2) pointer mishandling in the syntax normalization code, a different issue than CVE-2011-0019.
Max CVSS
5.0
EPSS Score
0.20%
Published
2011-02-23
Updated
2011-05-11
4 vulnerabilities found