CVE-2017-15135

Impact:
Moderate
Public Date:
2018-01-22
CWE:
CWE-287
Bugzilla:
1525628: CVE-2017-15135 389-ds-base: Authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c
It was found that 389-ds-base did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances.

Find out more about CVE-2017-15135 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score 4.6
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
Attack Vector Network
Attack Complexity High
Privileges Required Low
User Interaction Required
Scope Unchanged
Confidentiality Low
Integrity Impact Low
Availability Impact Low

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 7 (389-ds-base) RHSA-2018:0414 2018-03-06
Red Hat Enterprise Linux 6 (389-ds-base) RHSA-2018:0515 2018-03-13

Acknowledgements

This issue was discovered by Martin Poole (Red Hat).

Last Modified
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.