projects / 389-ds-base.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0972929) | patch
Security fix for CVE-2024-5953
authorPierre Rogier <progier@redhat.com>
Fri, 14 Jun 2024 11:27:10 +0000 (13:27 +0200)
committerAndrej Shadura <andrewsh@debian.org>
Sun, 19 Jan 2025 12:30:31 +0000 (13:30 +0100)
commit48ca7e156e6a8c994eb59e99091c20d67ef6b021
tree640164bf728b1a5d43c5292a3518157281886c72tree | snapshot
parent09729293fce390a9d0724110c0018b4c147438c3commit | diff
Security fix for CVE-2024-5953

Description:
A denial of service vulnerability was found in the 389 Directory Server.
This issue may allow an authenticated user to cause a server denial
of service while attempting to log in with a user with a malformed hash
in their password.

Fix Description:
To prevent buffer overflow when a bind request is processed, the bind fails
if the hash size is not coherent without even attempting to process further
the hashed password.

References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-5953
- https://access.redhat.com/security/cve/CVE-2024-5953
- https://bugzilla.redhat.com/show_bug.cgi?id=2292104

Origin: upstream, commit:b7a266f7fd07661afb0c979e76ff8a3a8b9dd0ae

Gbp-Pq: Name CVE-2024-5953.patch
dirsrvtests/tests/suites/password/regression_test.py diff | blob | history
ldap/servers/plugins/pwdstorage/md5_pwd.c diff | blob | history
ldap/servers/plugins/pwdstorage/pbkdf2_pwd.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.