projects / 389-ds-base.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e1b61f5) | patch
Security fix for CVE-2024-2199
authorJames Chapman <jachapma@redhat.com>
Wed, 1 May 2024 14:01:33 +0000 (15:01 +0100)
committerAndrej Shadura <andrewsh@debian.org>
Thu, 16 Jan 2025 16:16:37 +0000 (17:16 +0100)
commit8b0dad8f16cfe84a339b6809adf193625b013e06
treee17b19645219e6548ae2772cefbc6b63130c61datree | snapshot
parente1b61f5a30a7ff872beae6199db866d8aadaff07commit | diff
Security fix for CVE-2024-2199

Description:
A denial of service vulnerability was found in the 389 Directory Server.
This issue may allow an authenticated user to cause a server crash while
modifying userPassword using malformed input.

Fix Description:
When doing a mod on userPassword we reset the pblock modifier after we
set the modified timestamp, ensuring the pblock data stays valid.

References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-2199
- https://access.redhat.com/security/cve/CVE-2024-2199
- https://bugzilla.redhat.com/show_bug.cgi?id=2267976

Gbp-Pq: Name CVE-2024-2199.patch
dirsrvtests/tests/suites/password/password_test.py diff | blob | history
ldap/servers/slapd/modify.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.