projects / 389-ds-base.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0260c1d) | patch
Security fix for CVE-2024-2199
authorJames Chapman <jachapma@redhat.com>
Wed, 1 May 2024 14:01:33 +0000 (15:01 +0100)
committerAndrej Shadura <andrewsh@debian.org>
Sun, 19 Jan 2025 12:30:31 +0000 (13:30 +0100)
commit76e2f33aa7a8959a801621f11280c6ba63f09702
tree9f0f03ef376eb07e6edc2d39c136959c10cfcf7btree | snapshot
parent0260c1d9454915cf94c7c6cb20dd2463c4617525commit | diff
Security fix for CVE-2024-2199

Description:
A denial of service vulnerability was found in the 389 Directory Server.
This issue may allow an authenticated user to cause a server crash while
modifying userPassword using malformed input.

Fix Description:
When doing a mod on userPassword we reset the pblock modifier after we
set the modified timestamp, ensuring the pblock data stays valid.

References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-2199
- https://access.redhat.com/security/cve/CVE-2024-2199
- https://bugzilla.redhat.com/show_bug.cgi?id=2267976

Origin: upstream, commit:a9d87c9dbef85506eedc31d96da8a68766b4fc91

Gbp-Pq: Name CVE-2024-2199.patch
dirsrvtests/tests/suites/password/password_test.py diff | blob | history
ldap/servers/slapd/modify.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.