Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1067

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2011-1067
Last Modified 10 Mar 2011 10:51:17
Published 23 Feb 2011 02:00:02
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-1067

Summary

slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not properly manage the c_timelimit field of the connection table element, which allows remote attackers to cause a denial of service (daemon outage) via Simple Paged Results connections, as demonstrated by using multiple processes to replay TCP sessions, a different vulnerability than CVE-2011-0019.

Vulnerable Systems

Application

  • Fedoraproject 389 Directory Server 1.2.1

  • Fedoraproject 389 Directory Server 1.2.2

  • Fedoraproject 389 Directory Server 1.2.3

  • Fedoraproject 389 Directory Server 1.2.5

  • Fedoraproject 389 Directory Server 1.2.6

  • Fedoraproject 389 Directory Server 1.2.6.1

  • Fedoraproject 389 Directory Server 1.2.7

  • Fedoraproject 389 Directory Server 1.2.7.5

  • Fedoraproject 389 Directory Server 1.2.8


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=668619

XF - rhds-simple-paged-dos(65769)

SECUNIA - 43566

CONFIRM - http://directory.fedoraproject.org/wiki/Release_Notes


Last Updated: 27 May 2016 10:56:08