VYPR
Medium severity (5.7, NVD Advisory) · Published May 28, 2024 · Updated Apr 15, 2026

CVE-2024-2199

Description

A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server crash while modifying userPassword using malformed input.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An authenticated user can crash the 389-ds-base LDAP server by sending a malformed input during a userPassword modification, leading to a denial of service.

Vulnerability

Description

CVE-2024-2199 is a denial-of-service (DoS) vulnerability found in the 389 Directory Server (389-ds-base) LDAP server. The issue stems from improper handling of malformed input when an authenticated user modifies the userPassword attribute. Specifically, a crafted request can trigger a server crash, causing a denial of service condition for legitimate users [1].

Attack

Vector

An attacker must have valid authentication credentials to the LDAP server. No special privileges beyond regular user access are required. By sending a specially crafted LDAP modify request targeting the userPassword attribute, the attacker can cause the server process to terminate abruptly. The vulnerability is exploitable remotely over the network, as LDAP operations are typically transmitted over TCP/IP [2][3].

Impact

Successful exploitation results in a crash of the 389-ds-base server, leading to a temporary denial of service for all directory services provided by that instance. This can disrupt authentication, authorization, and other LDAP-dependent applications. The crash does not lead to data corruption or unauthorized access, but availability is compromised until the server is manually restarted [4].

Mitigation

Red Hat has released updated packages for 389-ds-base in multiple advisory streams (RHSA-2024:3837, RHSA-2024:4235, RHSA-2024:4633, RHSA-2024:5690) that fix this vulnerability. Users are advised to update the 389-ds-base package to the patched version (e.g., 2.4.5-8.el9_4 for RHEL 9). There is no known workaround; applying the update is the recommended remediation [1][4].
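The advisory names a fixed build (2.4.5-8.el9_4) for the RHEL 9 stream, so the practical check is whether an installed 389-ds-base sorts below it under RPM version rules. The code below is an added example, not code from the advisory or from the 389-ds project: it ports rpm's segment-wise version comparison (including the `~` and `^` rules) to Python and compares an EVR string, as printed by `rpm -q --qf '%{VERSION}-%{RELEASE}\n' 389-ds-base`, against that build. It assumes that within the RHEL 9 stream any EVR at or above the fixed build carries the fix, and that hosts on other streams substitute the EVR from their own RHSA.

```python
# Fixed EVR for RHEL 9 from the advisory; other streams use other RHSA releases.
FIXED_EVR_EL9 = "2.4.5-8.el9_4"


def rpmvercmp(a, b):
    """Port of rpm's rpmvercmp(): -1, 0 or 1 as a sorts <, == or > b."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Skip separators (anything that is not alnum, '~' or '^').
        while i < len(a) and not (a[i].isalnum() or a[i] in "~^"): i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] in "~^"): j += 1
        ca, cb = a[i:i + 1], b[j:j + 1]
        if "~" in (ca, cb):  # tilde sorts before everything, even end-of-string
            if ca != cb: return 1 if cb == "~" else -1
            i, j = i + 1, j + 1
        elif "^" in (ca, cb):  # caret sorts after the bare base version
            if not ca or not cb: return -1 if not ca else 1
            if ca != cb: return 1 if cb == "^" else -1
            i, j = i + 1, j + 1
        elif not (ca and cb):
            break
        else:
            # Take a wholly numeric or wholly alphabetic segment from each side.
            kind = str.isdigit if ca.isdigit() else str.isalpha
            si, sj = i, j
            while i < len(a) and kind(a[i]): i += 1
            while j < len(b) and kind(b[j]): j += 1
            sa, sb = a[si:i], b[sj:j]
            if not sb:  # mismatched types: a numeric segment is newer
                return 1 if ca.isdigit() else -1
            if ca.isdigit():  # numeric: drop leading zeros, more digits wins
                sa, sb = sa.lstrip("0"), sb.lstrip("0")
                if len(sa) != len(sb): return 1 if len(sa) > len(sb) else -1
            if sa != sb: return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1  # whichever side has characters left wins


def split_evr(evr):
    # '[epoch:]version-release' -> (epoch, version, release); epoch defaults to 0.
    epoch, _, rest = evr.partition(":") if ":" in evr else ("0", "", evr)
    version, _, release = rest.partition("-")
    return epoch, version, release


def evr_is_vulnerable(installed_evr, fixed_evr=FIXED_EVR_EL9):
    """True when the installed 389-ds-base EVR sorts before the fixed build."""
    for p, q in zip(split_evr(installed_evr), split_evr(fixed_evr)):
        r = rpmvercmp(p, q)
        if r: return r < 0
    return False
```

Feed it the string from `rpm -q` on each host; a `True` result means the package predates the fix and the update from the matching advisory is still outstanding.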

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Patches (0)

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References (12)

News mentions (0)

No linked articles in our index yet.