CVE-2018-10850: Race Condition
First published: Wed Jun 06 2018(Updated: )
389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/389-ds-base | <1.4.0.10 | 1.4.0.10 |
| redhat/389-ds-base | <1.3.8.3 | 1.3.8.3 |
| Fedoraproject 389 Directory Server | <1.4.0.10 | |
| Debian Debian Linux | =8.0 | |
| Redhat Enterprise Linux | =7.0 | |
| Redhat Enterprise Linux Desktop | =7.0 | |
| Redhat Enterprise Linux Server | =7.0 | |
| Redhat Enterprise Linux Server Aus | =7.6 | |
| Redhat Enterprise Linux Server Eus | =7.5 | |
| Redhat Enterprise Linux Server Eus | =7.6 | |
| Redhat Enterprise Linux Server Tus | =7.6 | |
| Redhat Enterprise Linux Workstation | =7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html
- https://access.redhat.com/errata/RHSA-2018:2757
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10850
- https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html
- https://pagure.io/389-ds-base/c/8f04487f99a
- https://pagure.io/389-ds-base/issue/49768
- https://bugzilla.redhat.com/show_bug.cgi?id=1588056
Frequently Asked Questions
What is CVE-2018-10850?
CVE-2018-10850 is a vulnerability in 389-ds-base before versions 1.4.0.10 and 1.3.8.3.
What is the severity of CVE-2018-10850?
The severity of CVE-2018-10850 is high with a severity value of 5.9.
How does CVE-2018-10850 impact 389-ds-base?
CVE-2018-10850 could result in a race condition in 389-ds-base, causing a crash if the server is under load.
How can an attacker exploit CVE-2018-10850?
An anonymous attacker could trigger a denial of service by exploiting CVE-2018-10850.
How can I fix CVE-2018-10850?
To fix CVE-2018-10850, update to versions 1.4.0.10 or 1.3.8.3 of 389-ds-base.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/author
- agent/references
- agent/description
- agent/remedy
- agent/weakness
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-10850
- agent/software-canonical-lookup
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/fedoraproject
- canonical/fedoraproject 389 directory server
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/7.0
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/7.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/7.0
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/7.6
- canonical/redhat enterprise linux server eus
- version/redhat enterprise linux server eus/7.5
- version/redhat enterprise linux server eus/7.6
- canonical/redhat enterprise linux server tus
- version/redhat enterprise linux server tus/7.6
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/7.0
- package-manager/redhat