CVE-2017-2591

389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap memory read, possibly triggering a crash of the LDAP service.

CVSS v3 3.7 LOW
CVSS v2.0 5.0 MEDIUM

3.7^/10

CVSS v3 : LOW

V3 Legend

Vector : AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/95670	Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2591	Issue Tracking Third Party Advisory
https://pagure.io/389-ds-base/issue/48986	Patch Third Party Advisory
http://www.securityfocus.com/bid/95670	Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2591	Issue Tracking Third Party Advisory
https://pagure.io/389-ds-base/issue/48986	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

History

21 Nov 2024, 03:23

Type	Values Removed	Values Added
References	~~() http://www.securityfocus.com/bid/95670 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/95670 - Third Party Advisory, VDB Entry
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2591 - Issue Tracking, Third Party Advisory~~	() https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2591 - Issue Tracking, Third Party Advisory
References	~~() https://pagure.io/389-ds-base/issue/48986 - Patch, Third Party Advisory~~	() https://pagure.io/389-ds-base/issue/48986 - Patch, Third Party Advisory
CVSS	v2 : ~~5.0~~ v3 : ~~7.5~~	v2 : 5.0 v3 : 3.7

Information

Published : 2018-04-30 12:29

Updated : 2024-11-21 03:23

NVD link : CVE-2017-2591

Mitre link : CVE-2017-2591

CVE.ORG link : CVE-2017-2591

JSON object : View

Products Affected

fedoraproject

389_directory_server

redhat

enterprise_linux

CWE

CWE-122

Heap-based Buffer Overflow

CWE-125

Out-of-bounds Read

{"id": "CVE-2017-2591", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-04-30T12:29:00.220", "references": [{"url": "http://www.securityfocus.com/bid/95670", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2591", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://pagure.io/389-ds-base/issue/48986", "tags": ["Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/95670", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2591", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://pagure.io/389-ds-base/issue/48986", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-122"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the \"attribute uniqueness\" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap memory read, possibly triggering a crash of the LDAP service."}, {"lang": "es", "value": "389-ds-base, en versiones anteriores a la 1.3.6, es vulnerable a un array terminado indebidamente en NULL en la funci\u00f3n uniqueness_entry_to_config() en el plugin \"attribute uniqueness\" de 389 Directory Server. Un atacante autenticado o, posiblemente, sin autenticar, podr\u00eda emplear este error para forzar una lectura fuera de l\u00edmites de la memoria din\u00e1mica (heap), desencadenando un cierre inesperado del servicio LDAP."}], "lastModified": "2024-11-21T03:23:47.293", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C32AFB8-385C-43D2-A22B-CC6E3B8AAE3B", "versionEndExcluding": "1.3.6"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}

3.7 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2017-2591

3.7^/10

5.0^/10

Attach tags to `CVE-2017-2591`