CVE-2019-3883 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2019-3883 Interim 1 20 2022-12-03T01:33:21Z current 2021-05-30T14:22:55Z 2022-12-03T01:33:21Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2019-3883 In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2019-August/005817.html E-Mail link for SUSE-SU-2019:2155-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1 389-ds-1.4.3.9~git0.3eb8617f6-1.2 389-ds-1.4.4.14~git0.37dc95673-1.1 389-ds-2.0.15~git17.498ec3e93-150400.1.3 389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1 389-ds-devel-1.4.3.9~git0.3eb8617f6-1.2 389-ds-devel-1.4.4.14~git0.37dc95673-1.1 389-ds-devel-2.0.15~git17.498ec3e93-150400.1.3 lib389-1.4.3.9~git0.3eb8617f6-1.2 lib389-1.4.4.14~git0.37dc95673-1.1 lib389-2.0.15~git17.498ec3e93-150400.1.3 libsvrcore0-1.4.3.9~git0.3eb8617f6-1.2 libsvrcore0-1.4.4.14~git0.37dc95673-1.1 libsvrcore0-2.0.15~git17.498ec3e93-150400.1.3 389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 389-ds-1.4.3.9~git0.3eb8617f6-1.2 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP2 389-ds-devel-1.4.3.9~git0.3eb8617f6-1.2 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP2 lib389-1.4.3.9~git0.3eb8617f6-1.2 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP2 libsvrcore0-1.4.3.9~git0.3eb8617f6-1.2 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP2 389-ds-1.4.4.14~git0.37dc95673-1.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP3 389-ds-devel-1.4.4.14~git0.37dc95673-1.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP3 lib389-1.4.4.14~git0.37dc95673-1.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP3 libsvrcore0-1.4.4.14~git0.37dc95673-1.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP3 389-ds-2.0.15~git17.498ec3e93-150400.1.3 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP4 389-ds-devel-2.0.15~git17.498ec3e93-150400.1.3 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP4 lib389-2.0.15~git17.498ec3e93-150400.1.3 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP4 libsvrcore0-2.0.15~git17.498ec3e93-150400.1.3 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP4 In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service. CVE-2019-3883 SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1 SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1 SUSE Linux Enterprise Module for Server Applications 15 SP2:389-ds-1.4.3.9~git0.3eb8617f6-1.2 SUSE Linux Enterprise Module for Server Applications 15 SP2:389-ds-devel-1.4.3.9~git0.3eb8617f6-1.2 SUSE Linux Enterprise Module for Server Applications 15 SP2:lib389-1.4.3.9~git0.3eb8617f6-1.2 SUSE Linux Enterprise Module for Server Applications 15 SP2:libsvrcore0-1.4.3.9~git0.3eb8617f6-1.2 SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.14~git0.37dc95673-1.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.14~git0.37dc95673-1.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.14~git0.37dc95673-1.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.14~git0.37dc95673-1.1 SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.15~git17.498ec3e93-150400.1.3 SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.15~git17.498ec3e93-150400.1.3 SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.15~git17.498ec3e93-150400.1.3 SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.15~git17.498ec3e93-150400.1.3 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L