389 Directory Server Security Vulnerabilities Denial-of-Service Heap Overflow Kerberos

389 Directory Server Update Fixes Multiple Security Vulnerabilities

Multiple vulnerabilities have been fixed in the 389 Directory Server, including heap overflows and denial-of-service attacks.
389 Directory Server Update Fixes Multiple Security Vulnerabilities Photo by Pawel Czerwinski on Unsplash

Multiple Vulnerabilities Fixed in 389 Directory Server

A recent update to the 389 Directory Server has fixed multiple vulnerabilities that could lead to denial-of-service attacks or crashes. The update, which was released on August 15, 2024, addresses four CVEs: CVE-2024-1062, CVE-2024-2199, CVE-2024-3657, and CVE-2024-5953.

Vulnerability Details

The vulnerabilities affected the 389 Directory Server’s handling of log entries, user passwords, and Kerberos AS-REQ requests. Specifically:

  • CVE-2024-1062: A heap overflow could occur when writing a value larger than 256 characters to the log_entry_attr field, leading to a denial-of-service attack.

  • CVE-2024-2199: A malformed user password could cause the server to crash at the do_modify function in slapd/modify.c.

A malformed user password can cause the server to crash. - Bug #2267976

  • CVE-2024-3657: A specially crafted Kerberos AS-REQ request could cause a denial-of-service attack.

  • CVE-2024-5953: A malformed user password hash could cause a denial-of-service attack.

Update Information

The update to version 3.0.4-2 of the 389 Directory Server includes the following changes:

  • Replaced lmdb with lmdb-libs in Requires
  • Updated to version 3.0.4
  • Resolved CVE-2024-1062, CVE-2024-2199, CVE-2024-3657, and CVE-2024-5953

Conclusion

The 389 Directory Server is a critical component of many organizations’ infrastructure. These vulnerabilities highlight the importance of keeping software up-to-date and patched. Administrators are advised to apply the update as soon as possible to prevent potential attacks.

Stories from Around the Web

Senseless Vandalism in Gengenbach: A Summer of Adventure in the Ortenau Region
Older post

Senseless Vandalism in Gengenbach: A Summer of Adventure in the Ortenau Region

Newer post

How AI Is Revolutionizing Smartphones: A Closer Look at the Pixel 9 Series

How AI Is Revolutionizing Smartphones: A Closer Look at the Pixel 9 Series

Related

View all
Google Chrome Users Urged to Update Immediately: Critical Vulnerabilities Exposed
Google Chrome Cybersecurity Vulnerabilities CERT-In Online Safety

Google Chrome Users Urged to Update Immediately: Critical Vulnerabilities Exposed

By Kate Monroe
Spectre's Haunting Legacy: New Vulnerabilities in Intel and AMD Processors
Spectre Cybersecurity Intel AMD Vulnerabilities Cyber Threats

Spectre's Haunting Legacy: New Vulnerabilities in Intel and AMD Processors

By Kate Monroe
Navigating the Cybersecurity Landscape: NIS-2 Compliance and CUPS Vulnerabilities
NIS-2 Cybersecurity CUPS Vulnerabilities Compliance

Navigating the Cybersecurity Landscape: NIS-2 Compliance and CUPS Vulnerabilities

By Kate Monroe
This Week in Tech: Software Updates and Innovations on the Horizon
Software Updates Technology Security Gaming

This Week in Tech: Software Updates and Innovations on the Horizon

By Lily Samson