SB2024103178 - SUSE update for 389-ds
Published: October 31, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2024-2199)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when modifying "userPassword". A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
2) Input validation error (CVE-ID: CVE-2024-3657)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when parsing Kerberos AS-REQ packets. A remote user can send specially crafted query to the LDAP server and perform a denial of service (DoS) attack.
3) Input validation error (CVE-ID: CVE-2024-5953)
The vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of password hashes. A remote attacker can crash the LDAP server when attempting to log in with a user with a malformed hash in their password.
Remediation
Install update from vendor's website.