projects / 389-ds-base.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 218dc87) | patch
Security fix for CVE-2024-5953
authorPierre Rogier <progier@redhat.com>
Fri, 14 Jun 2024 11:27:10 +0000 (13:27 +0200)
committerAndrej Shadura <andrewsh@debian.org>
Thu, 16 Jan 2025 16:16:37 +0000 (17:16 +0100)
commit5575f7f26c03ea799940ec9853487448f4a91a48
tree290405ec4174d6178c30f8983227acd80e346819tree | snapshot
parent218dc878921027cddf766d5b67f52d87238e8032commit | diff
Security fix for CVE-2024-5953

Description:
A denial of service vulnerability was found in the 389 Directory Server.
This issue may allow an authenticated user to cause a server denial
of service while attempting to log in with a user with a malformed hash
in their password.

Fix Description:
To prevent buffer overflow when a bind request is processed, the bind fails
if the hash size is not coherent without even attempting to process further
the hashed password.

References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-5953
- https://access.redhat.com/security/cve/CVE-2024-5953
- https://bugzilla.redhat.com/show_bug.cgi?id=2292104

Gbp-Pq: Name CVE-2024-5953.patch
dirsrvtests/tests/suites/password/regression_test.py diff | blob | history
ldap/servers/plugins/pwdstorage/md5_pwd.c diff | blob | history
ldap/servers/plugins/pwdstorage/pbkdf2_pwd.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.