389 Directory Server Update Fixes Multiple Security Vulnerabilities

Multiple vulnerabilities have been fixed in the 389 Directory Server, including heap overflows and denial-of-service attacks.

Multiple Vulnerabilities Fixed in 389 Directory Server

A recent update to the 389 Directory Server has fixed multiple vulnerabilities that could lead to denial-of-service attacks or crashes. The update, which was released on August 15, 2024, addresses four CVEs: CVE-2024-1062, CVE-2024-2199, CVE-2024-3657, and CVE-2024-5953.

Vulnerability Details

The vulnerabilities affected the 389 Directory Server’s handling of log entries, user passwords, and Kerberos AS-REQ requests. Specifically:

  • CVE-2024-1062: A heap overflow could occur when writing a value larger than 256 characters to the log_entry_attr field, leading to a denial-of-service attack.

  • CVE-2024-2199: A malformed user password could cause the server to crash at the do_modify function in slapd/modify.c (Bug #2267976).

  • CVE-2024-3657: A specially crafted Kerberos AS-REQ request could cause a denial-of-service attack.

  • CVE-2024-5953: A malformed user password hash could cause a denial-of-service attack.
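The CVE-2024-1062 entry describes the classic fixed-size-field pattern: a value longer than the field is copied in without a length check, and the bytes past the end land on whatever the heap allocator placed next. The following C is an added illustration written for this page, not 389 Directory Server source code; the `struct log_entry`, the 256-byte capacity, the neighbouring `seq` field and all function names are assumptions chosen to show the unchecked write beside the checked one that a fix of this kind needs.

```c
/* Constructed illustration of the bug class in the advisory: a fixed-size
 * attribute field written without a length check. Not 389-ds code; every
 * name below is an assumption made for this example. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LOG_ATTR_CAP 256   /* assumed fixed capacity, matching the advisory's limit */

/* Constructed heap-allocated record with a fixed-size attribute field. */
struct log_entry {
    char log_entry_attr[LOG_ATTR_CAP];
    int  seq;              /* neighbouring field that an overflow would clobber */
};

/* Vulnerable pattern: copies the value with no check that it fits.
 * A value of LOG_ATTR_CAP bytes or more (plus its NUL) writes past the field. */
void set_log_entry_attr_unchecked(struct log_entry *e, const char *value)
{
    strcpy(e->log_entry_attr, value);
}

/* Hardened pattern: measure with an upper bound first, reject anything that
 * does not fit including the terminating NUL, then copy a known number of bytes.
 * Returns 0 on success, -1 when the value is too long. */
int set_log_entry_attr_checked(struct log_entry *e, const char *value)
{
    size_t len = 0;
    while (len < LOG_ATTR_CAP && value[len] != '\0') {
        len++;             /* bounded scan: never reads further than the field could hold */
    }
    if (len >= LOG_ATTR_CAP) {
        return -1;         /* caller logs a refusal instead of corrupting the heap */
    }
    memcpy(e->log_entry_attr, value, len + 1);
    return 0;
}

/* Allocates a record, attempts the checked write, and returns the stored
 * length, -1 if the write was rejected, or -2 if the neighbouring field was
 * damaged (which the checked path must never do). */
int try_store(const char *value)
{
    struct log_entry *e = calloc(1, sizeof *e);
    if (e == NULL) {
        return -1;
    }
    e->seq = 42;
    int rc = set_log_entry_attr_checked(e, value);
    int result = (rc == 0) ? (int)strlen(e->log_entry_attr) : -1;
    if (e->seq != 42) {
        result = -2;
    }
    free(e);
    return result;
}

int main(void)
{
    char oversized[300];
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';

    printf("short value stored length: %d\n", try_store("cn=example"));  /* 10 */
    printf("300-byte value result: %d\n", try_store(oversized));         /* -1, rejected */
    return 0;
}
```

The checked variant turns an oversized value into an ordinary error the caller can log and refuse, which is the difference between a rejected request and a crashed directory service. The unchecked variant is kept only to show what the missing check looks like; nothing here ever hands it an oversized value.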

Update Information

The update to version 3.0.4-2 of the 389 Directory Server includes the following changes:

  • Replaced lmdb with lmdb-libs in Requires
  • Updated to version 3.0.4
  • Resolved CVE-2024-1062, CVE-2024-2199, CVE-2024-3657, and CVE-2024-5953

Conclusion

The 389 Directory Server is a critical component of many organizations’ infrastructure. These vulnerabilities highlight the importance of keeping software up to date and patched. Administrators are advised to apply the update as soon as possible to prevent potential attacks.