ALAS-2017-824

Metadata

high
unknown
389-ds-base
CVE-2017-2668
2017-04-27
2017-04-27 21:03
CVE-2017-2668 389-ds-base
CVE-2017-2668

Description

Remote crash via crafted LDAP messages: An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service. (CVE-2017-2668 )

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Package Patched in
389-ds-base 389-ds-base-1.3.5.10-20.50.amzn1.x86_64
389-ds-base 389-ds-base-1.3.5.10-20.50.amzn1.i686
389-ds-base 389-ds-base-1.3.5.10-20.50.amzn1.src
389-ds-base-debuginfo 389-ds-base-debuginfo-1.3.5.10-20.50.amzn1.i686
389-ds-base-debuginfo 389-ds-base-debuginfo-1.3.5.10-20.50.amzn1.x86_64
389-ds-base-devel 389-ds-base-devel-1.3.5.10-20.50.amzn1.x86_64
389-ds-base-devel 389-ds-base-devel-1.3.5.10-20.50.amzn1.i686
389-ds-base-libs 389-ds-base-libs-1.3.5.10-20.50.amzn1.x86_64
389-ds-base-libs 389-ds-base-libs-1.3.5.10-20.50.amzn1.i686
389-ds-base-snmp 389-ds-base-snmp-1.3.5.10-20.50.amzn1.i686
389-ds-base-snmp 389-ds-base-snmp-1.3.5.10-20.50.amzn1.x86_64