389-ds-base: denial of service
| Package(s): | 389-ds-base |
CVE #(s): | CVE-2017-2591
|
| Created: | January 30, 2017 |
Updated: | February 1, 2017 |
| Description: |
From the Mageia advisory:
The "attribute uniqueness" plugin did not properly NULL-terminate an
array when building up its configuration if a so called 'old-style'
configuration was being used. An attacker, authenticated, but possibly
also unauthenticated, could possibly force the plugin to read beyond
allocated memory and trigger a segfault. The crash could also possibly
be triggered accidentally. |
| Alerts: |
|
