Amazon Linux AMI update for 389-ds-base



Updated: 2018-10-29
Risk: Low
Patch available: YES
Number of vulnerabilities: 4
CVE-ID: CVE-2018-10850, CVE-2018-14624, CVE-2018-10935, CVE-2018-14638
CWE-ID: CWE-362, CWE-20, CWE-264
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #3 is available.
Vulnerable software: Amazon Linux AMI (Operating systems & Components / Operating system)
Vendor: Amazon Web Services

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Race condition

EUVDB-ID: #VU13395

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2018-10850

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists due to a race condition in the way 389-ds-base handles persistent search. A remote attacker can send a specially crafted request and cause the system to crash.

Mitigation

Update the affected packages.

i686:
    389-ds-base-1.3.7.5-28.58.amzn1.i686
    389-ds-base-debuginfo-1.3.7.5-28.58.amzn1.i686
    389-ds-base-devel-1.3.7.5-28.58.amzn1.i686
    389-ds-base-libs-1.3.7.5-28.58.amzn1.i686
    389-ds-base-snmp-1.3.7.5-28.58.amzn1.i686

src:
    389-ds-base-1.3.7.5-28.58.amzn1.src

x86_64:
    389-ds-base-devel-1.3.7.5-28.58.amzn1.x86_64
    389-ds-base-snmp-1.3.7.5-28.58.amzn1.x86_64
    389-ds-base-debuginfo-1.3.7.5-28.58.amzn1.x86_64
    389-ds-base-libs-1.3.7.5-28.58.amzn1.x86_64
    389-ds-base-1.3.7.5-28.58.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

https://alas.aws.amazon.com/ALAS-2018-1094.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper input validation

EUVDB-ID: #VU15561

Risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-14624

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to incorrect use of the lock controlling the error log when re-opening the log file in log__error_emergency(). A remote attacker can send a flood of modifications to a very large DN and cause slapd to crash.

Mitigation

Update the affected packages.

i686:
    389-ds-base-1.3.7.5-28.58.amzn1.i686
    389-ds-base-debuginfo-1.3.7.5-28.58.amzn1.i686
    389-ds-base-devel-1.3.7.5-28.58.amzn1.i686
    389-ds-base-libs-1.3.7.5-28.58.amzn1.i686
    389-ds-base-snmp-1.3.7.5-28.58.amzn1.i686

src:
    389-ds-base-1.3.7.5-28.58.amzn1.src

x86_64:
    389-ds-base-devel-1.3.7.5-28.58.amzn1.x86_64
    389-ds-base-snmp-1.3.7.5-28.58.amzn1.x86_64
    389-ds-base-debuginfo-1.3.7.5-28.58.amzn1.x86_64
    389-ds-base-libs-1.3.7.5-28.58.amzn1.x86_64
    389-ds-base-1.3.7.5-28.58.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

https://alas.aws.amazon.com/ALAS-2018-1094.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper input validation

EUVDB-ID: #VU15529

Risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2018-10935

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The vulnerability exists due to improper processing of Lightweight Directory Access Protocol (LDAP) queries. A remote attacker can execute the ldapsearch command with server-side sorting controls and cause the LDAP server to crash, resulting in a DoS condition.

Mitigation

Update the affected packages.

i686:
    389-ds-base-1.3.7.5-28.58.amzn1.i686
    389-ds-base-debuginfo-1.3.7.5-28.58.amzn1.i686
    389-ds-base-devel-1.3.7.5-28.58.amzn1.i686
    389-ds-base-libs-1.3.7.5-28.58.amzn1.i686
    389-ds-base-snmp-1.3.7.5-28.58.amzn1.i686

src:
    389-ds-base-1.3.7.5-28.58.amzn1.src

x86_64:
    389-ds-base-devel-1.3.7.5-28.58.amzn1.x86_64
    389-ds-base-snmp-1.3.7.5-28.58.amzn1.x86_64
    389-ds-base-debuginfo-1.3.7.5-28.58.amzn1.x86_64
    389-ds-base-libs-1.3.7.5-28.58.amzn1.x86_64
    389-ds-base-1.3.7.5-28.58.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

https://alas.aws.amazon.com/ALAS-2018-1094.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

4) Denial of service

EUVDB-ID: #VU15562

Risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-14638

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists due to an unspecified flaw. A remote attacker can terminate persistent search connections and cause the ns-slapd process to crash in the delete_passwdPolicy function.

Mitigation

Update the affected packages.

i686:
    389-ds-base-1.3.7.5-28.58.amzn1.i686
    389-ds-base-debuginfo-1.3.7.5-28.58.amzn1.i686
    389-ds-base-devel-1.3.7.5-28.58.amzn1.i686
    389-ds-base-libs-1.3.7.5-28.58.amzn1.i686
    389-ds-base-snmp-1.3.7.5-28.58.amzn1.i686

src:
    389-ds-base-1.3.7.5-28.58.amzn1.src

x86_64:
    389-ds-base-devel-1.3.7.5-28.58.amzn1.x86_64
    389-ds-base-snmp-1.3.7.5-28.58.amzn1.x86_64
    389-ds-base-debuginfo-1.3.7.5-28.58.amzn1.x86_64
    389-ds-base-libs-1.3.7.5-28.58.amzn1.x86_64
    389-ds-base-1.3.7.5-28.58.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

https://alas.aws.amazon.com/ALAS-2018-1094.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
