REDHAT-BUG-1195729
First published: Tue Feb 24 2015(Updated: )
It was discovered that the slapi-nis Directory Server plug-in did not correctly perform memory reallocation when handling user account information. A request for information about a group with many members, or a request for a user that belongs to a large number of groups, would cause a Directory Server to enter an infinite loop and consume an excessive amount of CPU time. Acknowledgements: This issue was discovered by Sumit Bose of Red Hat.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Directory Server |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=994786&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=994786&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=994788&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=994788&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=995077&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=995077&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1205200
- https://access.redhat.com/security/cve/CVE-2015-1827
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1206049
- https://rhn.redhat.com/errata/RHSA-2015-0728.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1195729
Frequently Asked Questions
What is the severity of REDHAT-BUG-1195729?
The severity of REDHAT-BUG-1195729 is considered high due to potential denial of service risks.
How do I fix REDHAT-BUG-1195729?
To fix REDHAT-BUG-1195729, apply the latest security patches provided by Red Hat for the Directory Server software.
What is the impact of REDHAT-BUG-1195729?
The impact of REDHAT-BUG-1195729 includes possible service disruption when handling requests for user accounts with a high number of groups.
Which version of Red Hat Directory Server is affected by REDHAT-BUG-1195729?
All versions of Red Hat Directory Server that include the slapi-nis Directory Server plug-in are affected by REDHAT-BUG-1195729.
Is there a workaround for REDHAT-BUG-1195729?
Currently, no official workaround for REDHAT-BUG-1195729 is documented; applying patches is recommended.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-0283
- agent/severity
- agent/references
- agent/event
- agent/description
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/red hat
- canonical/red hat directory server