NewStart CGSL MAIN 4.05 : 389-ds-base Vulnerability (NS-SA-2019-0140)
Medium Nessus Plugin ID 127402
Synopsis
The remote machine is affected by a vulnerability.
Description
The remote NewStart CGSL host, running version MAIN 4.05, has 389-ds-base packages installed that are affected by a vulnerability:
- It was found that 389-ds-base did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade the vulnerable CGSL 389-ds-base packages. Note that updated packages may not be available yet. Please contact ZTE for more information.