← Back

CVE-2011-1067

nvd nist
Published: Feb 23, 2011Modified: Apr 29, 2026

JSON object

Loading...
5.0
Vector
AV:N/AC:L/Au:N/C:N/I:N/A:P
Exploitability: 10.0 / Impact: 2.9
Source: NVD

Description

slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not properly manage the c_timelimit field of the connection table element, which allows remote attackers to cause a denial of service (daemon outage) via Simple Paged Results connections, as demonstrated by using multiple processes to replay TCP sessions, a different vulnerability than CVE-2011-0019.

Affected (21)

Fedoraproject
1 product
389 Directory Server
Configuration A
21 vulnerable
Vulnerable SoftwareAffected Versions
Fedoraproject
389 Directory Server
Up to 1.2.8
389 Directory Server
Version 1.2.1
389 Directory Server
Version 1.2.2
389 Directory Server
Version 1.2.3
389 Directory Server
Version 1.2.5
389 Directory Server
Version 1.2.5 rc1
389 Directory Server
Version 1.2.5 rc2
389 Directory Server
Version 1.2.5 rc3
389 Directory Server
Version 1.2.5 rc4
389 Directory Server
Version 1.2.6.1
389 Directory Server
Version 1.2.6
389 Directory Server
Version 1.2.6 a2
389 Directory Server
Version 1.2.6 a3
389 Directory Server
Version 1.2.6 a4
389 Directory Server
Version 1.2.6 rc1
389 Directory Server
Version 1.2.6 rc2
389 Directory Server
Version 1.2.6 rc3
389 Directory Server
Version 1.2.6 rc6
389 Directory Server
Version 1.2.6 rc7
389 Directory Server
Version 1.2.7.5
389 Directory Server
Version 1.2.7 alpha3

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (8)

Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Patch
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.