vulnerability
CentOS Linux: CVE-2019-3883: Moderate: 389-ds-base security and bug fix update (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Apr 17, 2019 | Aug 1, 2019 | May 25, 2023 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
Apr 17, 2019
Added
Aug 1, 2019
Modified
May 25, 2023
Description
In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service.
Solutions
centos-upgrade-389-ds-basecentos-upgrade-389-ds-base-debuginfocentos-upgrade-389-ds-base-debugsourcecentos-upgrade-389-ds-base-develcentos-upgrade-389-ds-base-legacy-toolscentos-upgrade-389-ds-base-legacy-tools-debuginfocentos-upgrade-389-ds-base-libscentos-upgrade-389-ds-base-libs-debuginfocentos-upgrade-389-ds-base-snmpcentos-upgrade-389-ds-base-snmp-debuginfocentos-upgrade-python3-lib389
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.